# SPDX-License-Identifier: LGPL-2.1-or-later

project('systemd', 'c',
        version : files('meson.version'),
        license : 'LGPLv2+',
        default_options: [
                'c_std=gnu11',
                'prefix=/usr',
                'sysconfdir=/etc',
                'localstatedir=/var',
                'warning_level=2',
        ],
        meson_version : '>= 0.60.0',
       )

project_major_version = meson.project_version().split('.')[0].split('~')[0]
if meson.project_version().contains('.')
        project_minor_version = meson.project_version().split('.')[-1].split('~')[0]
else
        project_minor_version = '0'
endif

libsystemd_version = '0.39.0'
libudev_version = '1.7.9'

conf = configuration_data()
conf.set_quoted('PROJECT_URL', 'https://systemd.io/')
conf.set('PROJECT_VERSION', project_major_version,
         description : 'Numerical project version (used where a simple number is expected)')
conf.set_quoted('PROJECT_VERSION_FULL', meson.project_version(), description : 'Full project version')

# This is to be used instead of meson.source_root(), as the latter will return
# the wrong result when systemd is being built as a meson subproject
project_source_root = meson.current_source_dir()
project_build_root = meson.current_build_dir()
relative_source_path = run_command('realpath',
                                   '--relative-to=@0@'.format(project_build_root),
                                   project_source_root,
                                   check : true).stdout().strip()
conf.set_quoted('RELATIVE_SOURCE_PATH', relative_source_path)

conf.set10('BUILD_MODE_DEVELOPER', get_option('mode') == 'developer',
           description : 'tailor build to development or release builds')

feature = get_option('log-message-verification')
if feature.auto()
        have = conf.get('BUILD_MODE_DEVELOPER') == 1
else
        have = feature.enabled()
endif
conf.set10('LOG_MESSAGE_VERIFICATION', have)

want_ossfuzz = get_option('oss-fuzz')
want_libfuzzer = get_option('llvm-fuzz')
if want_ossfuzz and want_libfuzzer
        error('only one of oss-fuzz or llvm-fuzz can be specified')
endif

fuzzer_build = want_ossfuzz or want_libfuzzer

# If we're building *not* for actual fuzzing, allow input samples of any size
# (for testing and for reproduction of issues discovered with previously-higher
# limits).
conf.set10('FUZZ_USE_SIZE_LIMIT', fuzzer_build)

# We'll set this to '1' for EFI builds in a different place.
conf.set10('SD_BOOT', false)

# Create a title-less summary section early, so it ends up first in the output.
# More items are added later after they have been detected.
summary({'build mode' : get_option('mode')})

#####################################################################

# Try to install the git pre-commit hook
git_setup_sh = find_program('tools/git-setup.sh', required : false)
if git_setup_sh.found()
        git_hook = run_command(git_setup_sh, check : false)
        if git_hook.returncode() == 0
                message(git_hook.stdout().strip())
        endif
endif

#####################################################################

fs = import('fs')
if get_option('split-bin') == 'auto'
        split_bin = not fs.is_symlink('/usr/sbin')
else
        split_bin = get_option('split-bin') == 'true'
endif
conf.set10('HAVE_SPLIT_BIN', split_bin,
           description : 'bin and sbin directories are separate')

have_standalone_binaries = get_option('standalone-binaries')

sysvinit_path = get_option('sysvinit-path')
sysvrcnd_path = get_option('sysvrcnd-path')
conf.set10('HAVE_SYSV_COMPAT', sysvinit_path != '' and sysvrcnd_path != '',
           description : 'SysV init scripts and rcN.d links are supported')
conf.set10('CREATE_LOG_DIRS', get_option('create-log-dirs'))

if get_option('hibernate') and not get_option('initrd')
        error('hibernate depends on initrd')
endif

conf.set10('BUMP_PROC_SYS_FS_FILE_MAX', get_option('bump-proc-sys-fs-file-max'))
conf.set10('BUMP_PROC_SYS_FS_NR_OPEN',  get_option('bump-proc-sys-fs-nr-open'))
conf.set('HIGH_RLIMIT_NOFILE',          512*1024)

# Meson ignores the preceding arguments when joining paths if an absolute
# component is encountered, so this should canonicalize various paths when they
# are absolute or relative.
prefixdir = get_option('prefix')
if not prefixdir.startswith('/')
        error('Prefix is not absolute: "@0@"'.format(prefixdir))
endif

prefixdir_noslash = '/' + prefixdir.strip('/')
bindir = prefixdir / get_option('bindir')
sbindir = prefixdir / (split_bin ? 'sbin' : 'bin')
sbin_to_bin = split_bin ? '../bin/' : ''
libdir = prefixdir / get_option('libdir')
sysconfdir = prefixdir / get_option('sysconfdir')
includedir = prefixdir / get_option('includedir')
datadir = prefixdir / get_option('datadir')
localstatedir = '/' / get_option('localstatedir')

libexecdir = prefixdir / 'lib/systemd'
pkglibdir = libdir / 'systemd'

install_sysconfdir = get_option('install-sysconfdir') != 'false'
install_sysconfdir_samples = get_option('install-sysconfdir') == 'true'
# Dirs of external packages
pkgconfigdatadir = get_option('pkgconfigdatadir') != '' ? get_option('pkgconfigdatadir') : datadir / 'pkgconfig'
pkgconfiglibdir = get_option('pkgconfiglibdir') != '' ? get_option('pkgconfiglibdir') : libdir / 'pkgconfig'
polkitpolicydir = datadir / 'polkit-1/actions'
polkitrulesdir = datadir / 'polkit-1/rules.d'
polkitpkladir = localstatedir / 'lib/polkit-1/localauthority/10-vendor.d'
xinitrcdir = get_option('xinitrcdir') != '' ? get_option('xinitrcdir') : sysconfdir / 'X11/xinit/xinitrc.d'
rpmmacrosdir = get_option('rpmmacrosdir')
if rpmmacrosdir != 'no'
        rpmmacrosdir = prefixdir / rpmmacrosdir
endif
modprobedir = prefixdir / 'lib/modprobe.d'

# Our own paths
pkgdatadir = datadir / 'systemd'
environmentdir = prefixdir / 'lib/environment.d'
pkgsysconfdir = sysconfdir / 'systemd'
userunitdir = prefixdir / 'lib/systemd/user'
userpresetdir = prefixdir / 'lib/systemd/user-preset'
tmpfilesdir = prefixdir / 'lib/tmpfiles.d'
usertmpfilesdir = prefixdir / 'share/user-tmpfiles.d'
sysusersdir = prefixdir / 'lib/sysusers.d'
sysctldir = prefixdir / 'lib/sysctl.d'
binfmtdir = prefixdir / 'lib/binfmt.d'
modulesloaddir = prefixdir / 'lib/modules-load.d'
networkdir = prefixdir / 'lib/systemd/network'
systemgeneratordir = libexecdir / 'system-generators'
usergeneratordir = prefixdir / 'lib/systemd/user-generators'
systemenvgeneratordir = prefixdir / 'lib/systemd/system-environment-generators'
userenvgeneratordir = prefixdir / 'lib/systemd/user-environment-generators'
systemshutdowndir = libexecdir / 'system-shutdown'
systemsleepdir = libexecdir / 'system-sleep'
systemunitdir = prefixdir / 'lib/systemd/system'
systempresetdir = prefixdir / 'lib/systemd/system-preset'
udevlibexecdir = prefixdir / 'lib/udev'
udevrulesdir = udevlibexecdir / 'rules.d'
udevhwdbdir = udevlibexecdir / 'hwdb.d'
catalogdir = prefixdir / 'lib/systemd/catalog'
kerneldir = prefixdir / 'lib/kernel'
kernelinstalldir = kerneldir / 'install.d'
factorydir = datadir / 'factory'
bootlibdir = prefixdir / 'lib/systemd/boot/efi'
testsdir = prefixdir / 'lib/systemd/tests'
unittestsdir = testsdir / 'unit-tests'
testdata_dir = testsdir / 'testdata'
systemdstatedir = localstatedir / 'lib/systemd'
catalogstatedir = systemdstatedir / 'catalog'
randomseeddir = localstatedir / 'lib/systemd'
profiledir = libexecdir / 'portable' / 'profile'
repartdefinitionsdir = libexecdir / 'repart/definitions'
ntpservicelistdir = prefixdir / 'lib/systemd/ntp-units.d'
credstoredir = prefixdir / 'lib/credstore'
pcrlockdir = prefixdir / 'lib/pcrlock.d'
mimepackagesdir = prefixdir / 'share/mime/packages'

configfiledir = get_option('configfiledir')
if configfiledir == ''
        configfiledir = sysconfdir
endif
pkgconfigfiledir = configfiledir / 'systemd'

docdir = get_option('docdir')
if docdir == ''
        docdir = datadir / 'doc/systemd'
endif

pamlibdir = get_option('pamlibdir')
if pamlibdir == ''
        pamlibdir = libdir / 'security'
endif

pamconfdir = get_option('pamconfdir')
if pamconfdir == ''
        pamconfdir = prefixdir / 'lib/pam.d'
endif

sshconfdir = get_option('sshconfdir')
if sshconfdir == ''
        sshconfdir = sysconfdir / 'ssh/ssh_config.d'
endif
conf.set10('LINK_SSH_PROXY_DROPIN', sshconfdir != 'no' and not sshconfdir.startswith('/usr/'))

sshdconfdir = get_option('sshdconfdir')
if sshdconfdir == ''
        sshdconfdir = sysconfdir / 'ssh/sshd_config.d'
endif
conf.set10('LINK_SSHD_USERDB_DROPIN', sshdconfdir != 'no' and not sshdconfdir.startswith('/usr/'))

sshdprivsepdir = get_option('sshdprivsepdir')
conf.set10('CREATE_SSHDPRIVSEPDIR', sshdprivsepdir != 'no' and not sshdprivsepdir.startswith('/usr/'))
conf.set('SSHDPRIVSEPDIR', sshdprivsepdir, description : 'SSH privilege separation directory')

libcryptsetup_plugins_dir = get_option('libcryptsetup-plugins-dir')
if libcryptsetup_plugins_dir == ''
        libcryptsetup_plugins_dir = libdir / 'cryptsetup'
endif

shellprofiledir = get_option('shellprofiledir')
if shellprofiledir == ''
        shellprofiledir = sysconfdir / 'profile.d'
endif
conf.set10('LINK_SHELL_EXTRA_DROPIN', shellprofiledir != 'no' and not shellprofiledir.startswith('/usr/'))
conf.set('SHELLPROFILEDIR', shellprofiledir, description : 'shell profile directory')

memory_accounting_default = get_option('memory-accounting-default')
status_unit_format_default = get_option('status-unit-format-default')
if status_unit_format_default == 'auto'
        status_unit_format_default = conf.get('BUILD_MODE_DEVELOPER') == 1 ? 'name' : 'description'
endif

conf.set_quoted('BINDIR',                                     bindir)
conf.set_quoted('BINFMT_DIR',                                 binfmtdir)
conf.set_quoted('BOOTLIBDIR',                                 bootlibdir)
conf.set_quoted('CATALOG_DATABASE',                           catalogstatedir / 'database')
conf.set_quoted('CERTIFICATE_ROOT',                           get_option('certificate-root'))
conf.set_quoted('DOC_DIR',                                    docdir)
conf.set_quoted('DOCUMENT_ROOT',                              pkgdatadir / 'gatewayd')
conf.set_quoted('ENVIRONMENT_DIR',                            environmentdir)
conf.set_quoted('INCLUDE_DIR',                                includedir)
conf.set_quoted('LIBDIR',                                     libdir)
conf.set_quoted('LIBEXECDIR',                                 libexecdir)
conf.set_quoted('KERNEL_INSTALL_DIR',                         kernelinstalldir)
conf.set_quoted('MODPROBE_DIR',                               modprobedir)
conf.set_quoted('MODULESLOAD_DIR',                            modulesloaddir)
conf.set_quoted('PKGSYSCONFDIR',                              pkgsysconfdir)
conf.set_quoted('POLKIT_AGENT_BINARY_PATH',                   bindir / 'pkttyagent')
conf.set_quoted('PREFIX',                                     prefixdir)
conf.set_quoted('PREFIX_NOSLASH',                             prefixdir_noslash)
conf.set_quoted('RANDOM_SEED',                                randomseeddir / 'random-seed')
conf.set_quoted('RANDOM_SEED_DIR',                            randomseeddir)
conf.set_quoted('RC_LOCAL_PATH',                              get_option('rc-local'))
conf.set_quoted('SSHCONFDIR',                                 sshconfdir)
conf.set_quoted('SSHDCONFDIR',                                sshdconfdir)
conf.set_quoted('SHELLPROFILEDIR',                            shellprofiledir)
conf.set_quoted('SYSCONF_DIR',                                sysconfdir)
conf.set_quoted('SYSCTL_DIR',                                 sysctldir)
conf.set_quoted('SYSTEMCTL_BINARY_PATH',                      bindir / 'systemctl')
conf.set_quoted('SYSTEMD_BINARY_PATH',                        libexecdir / 'systemd')
conf.set_quoted('SYSTEMD_EXECUTOR_BINARY_PATH',               libexecdir / 'systemd-executor')
conf.set_quoted('SYSTEMD_CATALOG_DIR',                        catalogdir)
conf.set_quoted('SYSTEMD_CGROUPS_AGENT_PATH',                 libexecdir / 'systemd-cgroups-agent')
conf.set_quoted('SYSTEMD_CRYPTSETUP_PATH',                    bindir / 'systemd-cryptsetup')
conf.set_quoted('SYSTEMD_EXPORT_PATH',                        libexecdir / 'systemd-export')
conf.set_quoted('SYSTEMD_FSCK_PATH',                          libexecdir / 'systemd-fsck')
conf.set_quoted('SYSTEMD_GROWFS_PATH',                        libexecdir / 'systemd-growfs')
conf.set_quoted('SYSTEMD_HOMEWORK_PATH',                      libexecdir / 'systemd-homework')
conf.set_quoted('SYSTEMD_IMPORT_FS_PATH',                     libexecdir / 'systemd-import-fs')
conf.set_quoted('SYSTEMD_IMPORT_PATH',                        libexecdir / 'systemd-import')
conf.set_quoted('SYSTEMD_INTEGRITYSETUP_PATH',                libexecdir / 'systemd-integritysetup')
conf.set_quoted('SYSTEMD_KBD_MODEL_MAP',                      pkgdatadir / 'kbd-model-map')
conf.set_quoted('SYSTEMD_LANGUAGE_FALLBACK_MAP',              pkgdatadir / 'language-fallback-map')
conf.set_quoted('SYSTEMD_MAKEFS_PATH',                        libexecdir / 'systemd-makefs')
conf.set_quoted('SYSTEMD_PULL_PATH',                          libexecdir / 'systemd-pull')
conf.set_quoted('SYSTEMD_SHUTDOWN_BINARY_PATH',               libexecdir / 'systemd-shutdown')
conf.set_quoted('SYSTEMD_SYSUPDATE_PATH',                     libexecdir / 'systemd-sysupdate')
conf.set_quoted('SYSTEMD_TEST_DATA',                          testdata_dir)
conf.set_quoted('SYSTEMD_TTY_ASK_PASSWORD_AGENT_BINARY_PATH', bindir / 'systemd-tty-ask-password-agent')
conf.set_quoted('SYSTEMD_UPDATE_HELPER_PATH',                 libexecdir / 'systemd-update-helper')
conf.set_quoted('SYSTEMD_USERWORK_PATH',                      libexecdir / 'systemd-userwork')
conf.set_quoted('SYSTEMD_MOUNTWORK_PATH',                     libexecdir / 'systemd-mountwork')
conf.set_quoted('SYSTEMD_NSRESOURCEWORK_PATH',                libexecdir / 'systemd-nsresourcework')
conf.set_quoted('SYSTEMD_VERITYSETUP_PATH',                   libexecdir / 'systemd-veritysetup')
conf.set_quoted('SYSTEM_CONFIG_UNIT_DIR',                     pkgsysconfdir / 'system')
conf.set_quoted('SYSTEM_DATA_UNIT_DIR',                       systemunitdir)
conf.set_quoted('SYSTEM_ENV_GENERATOR_DIR',                   systemenvgeneratordir)
conf.set_quoted('SYSTEM_GENERATOR_DIR',                       systemgeneratordir)
conf.set_quoted('SYSTEM_PRESET_DIR',                          systempresetdir)
conf.set_quoted('SYSTEM_SHUTDOWN_PATH',                       systemshutdowndir)
conf.set_quoted('SYSTEM_SLEEP_PATH',                          systemsleepdir)
conf.set_quoted('SYSTEM_SYSVINIT_PATH',                       sysvinit_path)
conf.set_quoted('SYSTEM_SYSVRCND_PATH',                       sysvrcnd_path)
conf.set_quoted('SYSUSERS_DIR',                               sysusersdir)
conf.set_quoted('TMPFILES_DIR',                               tmpfilesdir)
conf.set_quoted('USER_TMPFILES_DIR',                          usertmpfilesdir)
conf.set_quoted('UDEVLIBEXECDIR',                             udevlibexecdir)
conf.set_quoted('UDEV_HWDB_DIR',                              udevhwdbdir)
conf.set_quoted('UDEV_RULES_DIR',                             udevrulesdir)
conf.set_quoted('USER_CONFIG_UNIT_DIR',                       pkgsysconfdir / 'user')
conf.set_quoted('USER_DATA_UNIT_DIR',                         userunitdir)
conf.set_quoted('USER_ENV_GENERATOR_DIR',                     userenvgeneratordir)
conf.set_quoted('USER_GENERATOR_DIR',                         usergeneratordir)
conf.set_quoted('USER_KEYRING_PATH',                          pkgsysconfdir / 'import-pubring.gpg')
conf.set_quoted('USER_PRESET_DIR',                            userpresetdir)
conf.set_quoted('VENDOR_KEYRING_PATH',                        libexecdir / 'import-pubring.gpg')

conf.set('ANSI_OK_COLOR',                                     'ANSI_' + get_option('ok-color').underscorify().to_upper())
conf.set10('ENABLE_URLIFY',                                   get_option('urlify'))
conf.set10('ENABLE_FEXECVE',                                  get_option('fexecve'))
conf.set10('MEMORY_ACCOUNTING_DEFAULT',                       memory_accounting_default)
conf.set('STATUS_UNIT_FORMAT_DEFAULT',                        'STATUS_UNIT_FORMAT_' + status_unit_format_default.to_upper())
conf.set_quoted('STATUS_UNIT_FORMAT_DEFAULT_STR',             status_unit_format_default)

conf.set('DEFAULT_TIMEOUT_SEC',                               get_option('default-timeout-sec'))
conf.set('DEFAULT_USER_TIMEOUT_SEC',                          get_option('default-user-timeout-sec'))
conf.set('UPDATE_HELPER_USER_TIMEOUT_SEC',                    get_option('update-helper-user-timeout-sec'))

conf.set10('ENABLE_FIRST_BOOT_FULL_PRESET',                   get_option('first-boot-full-preset'))

#####################################################################

cc = meson.get_compiler('c')
userspace_c_args = []
userspace_c_ld_args = []
meson_build_sh = find_program('tools/meson-build.sh')

want_tests = get_option('tests')
want_slow_tests = want_tests != 'false' and get_option('slow-tests')
want_fuzz_tests = want_tests != 'false' and get_option('fuzz-tests')
want_integration_tests = want_tests != 'false' and get_option('integration-tests')
install_tests = want_tests != 'false' and get_option('install-tests')

if add_languages('cpp', native : false, required : fuzzer_build)
        #  Used only for tests
        cxx = meson.get_compiler('cpp')
        cxx_cmd = ' '.join(cxx.cmd_array())
else
        cxx_cmd = ''
endif

if want_libfuzzer
        fuzzing_engine = meson.get_compiler('cpp').find_library('Fuzzer', required : false)
        if fuzzing_engine.found()
                userspace_c_args += '-fsanitize-coverage=trace-pc-guard,trace-cmp'
        elif cc.has_argument('-fsanitize=fuzzer-no-link')
                userspace_c_args += '-fsanitize=fuzzer-no-link'
        else
                error('Looks like neither libFuzzer nor -fsanitize=fuzzer-no-link is supported')
        endif
elif want_ossfuzz
        fuzzing_engine = meson.get_compiler('cpp').find_library('FuzzingEngine')
endif

# Those generate many false positives, and we do not want to change the code to
# avoid them.
basic_disabled_warnings = [
        '-Wno-missing-field-initializers',
        '-Wno-unused-parameter',
        '-Wno-nonnull-compare',
]

possible_common_cc_flags = [
        '-Warray-bounds',     # clang
        '-Warray-bounds=2',
        '-Wdate-time',
        '-Wendif-labels',
        '-Werror=format=2',
        '-Werror=format-signedness',
        '-Werror=implicit-function-declaration',
        '-Werror=implicit-int',
        '-Werror=incompatible-pointer-types',
        '-Werror=int-conversion',
        '-Werror=missing-declarations',
        '-Werror=missing-prototypes',
        '-Werror=overflow',
        '-Werror=override-init',
        '-Werror=return-type',
        '-Werror=shift-count-overflow',
        '-Werror=shift-overflow=2',
        '-Werror=strict-flex-arrays',
        '-Werror=undef',
        '-Wfloat-equal',
        # gperf prevents us from enabling this because it does not emit fallthrough
        # attribute with clang.
        #'-Wimplicit-fallthrough',
        '-Wimplicit-fallthrough=5',
        '-Winit-self',
        '-Wlogical-op',
        '-Wmissing-include-dirs',
        '-Wmissing-noreturn',
        '-Wnested-externs',
        '-Wold-style-definition',
        '-Wpointer-arith',
        '-Wredundant-decls',
        '-Wshadow',
        '-Wstrict-aliasing=2',
        '-Wstrict-prototypes',
        '-Wsuggest-attribute=noreturn',
        '-Wunterminated-string-initialization',
        '-Wunused-function',
        '-Wwrite-strings',
        '-Wzero-length-bounds',

        # negative arguments are correctly detected starting with meson 0.46.
        '-Wno-error=#warnings',  # clang
        '-Wno-string-plus-int',  # clang

        '-fdiagnostics-show-option',
        '-fno-common',
        '-fstack-protector',
        '-fstack-protector-strong',
        '-fstrict-flex-arrays=3',
        '--param=ssp-buffer-size=4',
]

possible_common_link_flags = [
        '-fstack-protector',
]

c_args = get_option('c_args')

# Our json library does not support -ffinite-math-only, which is enabled by -Ofast or -ffast-math.
if (('-Ofast' in c_args or '-ffast-math' in c_args or '-ffinite-math-only' in c_args) and '-fno-finite-math-only' not in c_args)
        error('-Ofast, -ffast-math, or -ffinite-math-only is specified in c_args.')
endif

# Disable -Wmaybe-uninitialized when compiling with -Os/-O1/-O3/etc. There are
# too many false positives with gcc >= 8. Effectively, we only test with -O0
# and -O2; this should be enough to catch most important cases without too much
# busywork. See https://github.com/systemd/systemd/pull/19226.
if cc.get_id() == 'gcc' and (not '02'.contains(get_option('optimization')) or
                             cc.version().version_compare('<10') or
                             '-Os' in c_args or
                             '-O1' in c_args or
                             '-O3' in c_args or
                             '-Og' in c_args)
        possible_common_cc_flags += '-Wno-maybe-uninitialized'
endif

# Disable -Wno-unused-result with gcc, see
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425.
if cc.get_id() == 'gcc'
        possible_common_cc_flags += '-Wno-unused-result'
endif

# --as-needed and --no-undefined are provided by meson by default,
# run 'meson configure' to see what is enabled
possible_link_flags = [
        '-Wl,--fatal-warnings',
        '-Wl,-z,now',
        '-Wl,-z,relro',
]

if get_option('b_sanitize') == 'none'
        possible_link_flags += '-Wl,--warn-common'
endif

if cc.get_id() == 'clang'
        possible_common_cc_flags += [
                '-Wno-typedef-redefinition',
                '-Wno-gnu-variable-sized-type-not-at-end',
        ]
endif

if get_option('mode') == 'release'
        # We could enable 'pattern' for developer mode, but that can interfere with
        # valgrind and sanitizer builds. Also, clang does not zero-initialize unions,
        # breaking some of our code (https://reviews.llvm.org/D68115).
        possible_common_cc_flags += '-ftrivial-auto-var-init=zero'
endif

possible_cc_flags = [
        '-fno-strict-aliasing',
        '-fstrict-flex-arrays=1',
        '-fvisibility=hidden',
]

if get_option('buildtype') != 'debug'
        possible_cc_flags += [
                '-ffunction-sections',
                '-fdata-sections',
        ]

        possible_link_flags += '-Wl,--gc-sections'
endif

if get_option('mode') == 'developer'
        possible_cc_flags += '-fno-omit-frame-pointer'
endif

add_project_arguments(
        cc.get_supported_arguments(
                basic_disabled_warnings,
                possible_common_cc_flags
        ),
        language : 'c')

add_project_link_arguments(
        cc.get_supported_link_arguments(possible_common_link_flags),
        language : 'c')

userspace_c_args += cc.get_supported_arguments(possible_cc_flags)
userspace_c_ld_args += cc.get_supported_link_arguments(possible_link_flags)

have = cc.has_argument('-Wzero-length-bounds')
conf.set10('HAVE_ZERO_LENGTH_BOUNDS', have)

if cc.compiles('''
   #include <time.h>
   #include <inttypes.h>
   typedef uint64_t usec_t;
   usec_t now(clockid_t clock);
   int main(void) {
           struct timespec now;
           return 0;
   }
''', args: '-Werror=shadow', name : '-Werror=shadow with local shadowing')
        add_project_arguments('-Werror=shadow', language : 'c')
endif

if cxx_cmd != ''
        add_project_arguments(cxx.get_supported_arguments(basic_disabled_warnings), language : 'cpp')
endif

cpp = ' '.join(cc.cmd_array() + get_option('c_args')) + ' -E'

has_wstringop_truncation = cc.has_argument('-Wstringop-truncation')

#####################################################################
# compilation result tests

conf.set('_GNU_SOURCE', 1)
conf.set('__SANE_USERSPACE_TYPES__', true)
conf.set10('HAVE_WSTRINGOP_TRUNCATION', has_wstringop_truncation)

conf.set('SIZEOF_DEV_T', cc.sizeof('dev_t', prefix : '#include <sys/types.h>'))
conf.set('SIZEOF_INO_T', cc.sizeof('ino_t', prefix : '#include <sys/types.h>'))
conf.set('SIZEOF_RLIM_T', cc.sizeof('rlim_t', prefix : '#include <sys/resource.h>'))
conf.set('SIZEOF_TIME_T', cc.sizeof('time_t', prefix : '#include <sys/time.h>'))
conf.set('SIZEOF_TIMEX_MEMBER', cc.sizeof('typeof(((struct timex *)0)->freq)', prefix : '#include <sys/timex.h>'))

long_max = cc.compute_int(
        'LONG_MAX',
        prefix : '#include <limits.h>',
        guess : 0x7FFFFFFFFFFFFFFF,
        high : 0x7FFFFFFFFFFFFFFF)
assert(long_max > 100000)
conf.set_quoted('LONG_MAX_STR', '@0@'.format(long_max))

decl_headers = '''
#include <dirent.h>
#include <uchar.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sched.h>
'''

foreach decl : ['char16_t',
                'char32_t',
                'struct mount_attr',
                'struct statx',
                'struct dirent64',
                'struct sched_attr',
               ]

        # We get -1 if the size cannot be determined
        have = cc.sizeof(decl, prefix : decl_headers, args : '-D_GNU_SOURCE') > 0

        if decl == 'struct mount_attr'
                if have
                        want_linux_fs_h = false
                else
                        have = cc.sizeof(decl,
                                         prefix : decl_headers + '#include <linux/fs.h>',
                                         args : '-D_GNU_SOURCE') > 0
                        want_linux_fs_h = have
                endif
        endif

        if decl == 'struct statx'
                if have
                        want_linux_stat_h = false
                else
                        have = cc.sizeof(decl,
                                         prefix : decl_headers + '#include <linux/stat.h>',
                                         args : '-D_GNU_SOURCE') > 0
                        want_linux_stat_h = have
                endif
        endif

        conf.set10('HAVE_' + decl.underscorify().to_upper(), have)
endforeach

conf.set10('WANT_LINUX_STAT_H', want_linux_stat_h)
conf.set10('WANT_LINUX_FS_H', want_linux_fs_h)

foreach ident : ['secure_getenv', '__secure_getenv']
        conf.set10('HAVE_' + ident.to_upper(), cc.has_function(ident))
endforeach

foreach ident : [
        ['memfd_create',      '''#include <sys/mman.h>'''],
        ['gettid',            '''#include <sys/types.h>
                                 #include <unistd.h>'''],
        ['fchmodat2',         '''#include <stdlib.h>
                                 #include <fcntl.h>'''],      # no known header declares fchmodat2
        ['pivot_root',        '''#include <stdlib.h>
                                 #include <unistd.h>'''],     # no known header declares pivot_root
        ['ioprio_get',        '''#include <sched.h>'''],      # no known header declares ioprio_get
        ['ioprio_set',        '''#include <sched.h>'''],      # no known header declares ioprio_set
        ['sched_setattr',     '''#include <sched.h>'''],      # no known header declares sched_setattr
        ['name_to_handle_at', '''#include <sys/types.h>
                                 #include <sys/stat.h>
                                 #include <fcntl.h>'''],
        ['setns',             '''#include <sched.h>'''],
        ['renameat2',         '''#include <stdio.h>
                                 #include <fcntl.h>'''],
        ['kcmp',              '''#include <linux/kcmp.h>'''],
        ['keyctl',            '''#include <sys/types.h>
                                 #include <keyutils.h>'''],
        ['copy_file_range',   '''#include <sys/syscall.h>
                                 #include <unistd.h>'''],
        ['bpf',               '''#include <sys/syscall.h>
                                 #include <unistd.h>'''],
        ['statx',             '''#include <sys/types.h>
                                 #include <sys/stat.h>
                                 #include <unistd.h>'''],
        ['explicit_bzero' ,   '''#include <string.h>'''],
        ['reallocarray',      '''#include <stdlib.h>'''],
        ['set_mempolicy',     '''#include <stdlib.h>
                                 #include <unistd.h>'''],
        ['get_mempolicy',     '''#include <stdlib.h>
                                 #include <unistd.h>'''],
        ['pidfd_send_signal', '''#include <stdlib.h>
                                 #include <unistd.h>
                                 #include <signal.h>
                                 #include <sys/wait.h>
                                 #include <sys/pidfd.h>'''],
        ['pidfd_open',        '''#include <stdlib.h>
                                 #include <unistd.h>
                                 #include <signal.h>
                                 #include <sys/wait.h>
                                 #include <sys/pidfd.h>'''],
        ['rt_sigqueueinfo',   '''#include <stdlib.h>
                                 #include <unistd.h>
                                 #include <signal.h>
                                 #include <sys/wait.h>'''],
        ['rt_tgsigqueueinfo', '''#include <stdlib.h>
                                 #include <unistd.h>
                                 #include <signal.h>
                                 #include <sys/wait.h>'''],
        ['mallinfo',          '''#include <malloc.h>'''],
        ['mallinfo2',         '''#include <malloc.h>'''],
        ['execveat',          '''#include <unistd.h>'''],
        ['close_range',       '''#include <unistd.h>'''],
        ['epoll_pwait2',      '''#include <sys/epoll.h>'''],
        ['mount_setattr',     '''#include <sys/mount.h>'''],
        ['move_mount',        '''#include <sys/mount.h>'''],
        ['open_tree',         '''#include <sys/mount.h>'''],
        ['fsopen',            '''#include <sys/mount.h>'''],
        ['fsconfig',          '''#include <sys/mount.h>'''],
        ['fsmount',           '''#include <sys/mount.h>'''],
        ['getdents64',        '''#include <dirent.h>'''],
        ['pidfd_spawn',       '''#include <spawn.h>'''],
]

        have = cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE')
        conf.set10('HAVE_' + ident[0].to_upper(), have)
endforeach

if cc.has_function('getrandom', prefix : '''#include <sys/random.h>''', args : '-D_GNU_SOURCE')
        conf.set10('USE_SYS_RANDOM_H', true)
        conf.set10('HAVE_GETRANDOM', true)
else
        have = cc.has_function('getrandom', prefix : '''#include <linux/random.h>''')
        conf.set10('USE_SYS_RANDOM_H', false)
        conf.set10('HAVE_GETRANDOM', have)
endif

#####################################################################

sh = find_program('sh')
echo = find_program('echo')
sed = find_program('sed')
awk = find_program('awk')
stat = find_program('stat')
ln = find_program('ln')
git = find_program('git', required : false)
env = find_program('env')
rsync = find_program('rsync', required : false)
diff = find_program('diff')
find = find_program('find')

ln_s = ln.full_path() + ' -frsT -- "${DESTDIR:-}@0@" "${DESTDIR:-}@1@"'

# If -Dxxx-path option is found, use that. Otherwise, check in $PATH,
# /usr/sbin, /sbin, and fall back to the default from middle column.
progs = [['quotaon',    '/usr/sbin/quotaon'    ],
         ['quotacheck', '/usr/sbin/quotacheck' ],
         ['kmod',       '/usr/bin/kmod'        ],
         ['kexec',      '/usr/sbin/kexec'      ],
         ['sulogin',    '/usr/sbin/sulogin'    ],
         ['mount',      '/usr/bin/mount',      'MOUNT_PATH'],
         ['umount',     '/usr/bin/umount',     'UMOUNT_PATH'],
         ['loadkeys',   '/usr/bin/loadkeys',   'KBD_LOADKEYS'],
         ['setfont',    '/usr/bin/setfont',    'KBD_SETFONT'],
         ['nologin',    '/usr/sbin/nologin',   ],
        ]
foreach prog : progs
        path = get_option(prog[0] + '-path')
        if path != ''
                message('Using @1@ for @0@'.format(prog[0], path))
        else
                exe = find_program(prog[0],
                                   '/usr/sbin/' + prog[0],
                                   '/sbin/' + prog[0],
                                   required: false)
                path = exe.found() ? exe.full_path() : prog[1]
        endif
        name = prog.length() > 2 ? prog[2] : prog[0].to_upper()
        conf.set_quoted(name, path)
endforeach

if run_command(ln, '--relative', '--help', check : false).returncode() != 0
        error('ln does not support --relative (added in coreutils 8.16)')
endif

#####################################################################

gperf = find_program('gperf')

gperf_test_format = '''
#include <string.h>
const char* in_word_set(const char *, @0@);
@1@
'''
gperf_snippet = run_command(sh, '-c', 'echo foo,bar | "$1" -L ANSI-C', '_', gperf,
                            check : true)
gperf_test = gperf_test_format.format('size_t', gperf_snippet.stdout())
if cc.compiles(gperf_test)
        gperf_len_type = 'size_t'
else
        gperf_test = gperf_test_format.format('unsigned', gperf_snippet.stdout())
        if cc.compiles(gperf_test)
                gperf_len_type = 'unsigned'
        else
                error('unable to determine gperf len type')
        endif
endif
message('gperf len type is @0@'.format(gperf_len_type))
conf.set('GPERF_LEN_TYPE', gperf_len_type,
         description : 'The type of gperf "len" parameter')

#####################################################################

if not cc.has_header('sys/capability.h')
        error('POSIX caps headers not found')
endif
foreach header : ['crypt.h',
                  'linux/ioprio.h',
                  'linux/memfd.h',
                  'linux/time_types.h',
                  'sys/auxv.h',
                  'sys/sdt.h',
                  'threads.h',
                  'valgrind/memcheck.h',
                  'valgrind/valgrind.h',
                 ]

        conf.set10('HAVE_' + header.underscorify().to_upper(),
                   cc.has_header(header))
endforeach

#####################################################################

fallback_hostname = get_option('fallback-hostname')
if fallback_hostname == '' or fallback_hostname[0] == '.' or fallback_hostname[0] == '-'
        error('Invalid fallback-hostname configuration')
        # A more extensive test is done in test-hostname-util. Let's catch
        # the most obvious errors here so we don't fail with an assert later.
endif
conf.set_quoted('FALLBACK_HOSTNAME', fallback_hostname)

extra_net_naming_schemes = []
extra_net_naming_map = []
foreach scheme: get_option('extra-net-naming-schemes').split(',')
        if scheme != ''
                name = scheme.split('=')[0]
                value = scheme.split('=')[1]
                NAME = name.underscorify().to_upper()
                VALUE = []
                foreach field: value.split('+')
                        VALUE += 'NAMING_' + field.underscorify().to_upper()
                endforeach
                extra_net_naming_schemes += 'NAMING_@0@ = @1@,'.format(NAME, '|'.join(VALUE))
                extra_net_naming_map += '{ "@0@", NAMING_@1@ },'.format(name, NAME)
        endif
endforeach
conf.set('EXTRA_NET_NAMING_SCHEMES', ' '.join(extra_net_naming_schemes))
conf.set('EXTRA_NET_NAMING_MAP', ' '.join(extra_net_naming_map))

default_net_naming_scheme = get_option('default-net-naming-scheme')
conf.set_quoted('DEFAULT_NET_NAMING_SCHEME', default_net_naming_scheme,
                description : 'Default naming scheme as a string')
if default_net_naming_scheme != 'latest'
        conf.set('_DEFAULT_NET_NAMING_SCHEME',
                 'NAMING_' + default_net_naming_scheme.underscorify().to_upper(),
                 description : 'Default naming scheme as a constant')
endif

time_epoch = get_option('time-epoch')
if time_epoch <= 0
        time_epoch = run_command(sh, '-c', 'echo "$SOURCE_DATE_EPOCH"', check : true).stdout().strip()
        if time_epoch == '' and git.found() and fs.is_dir('.git')
                # If we're in a git repository, use the creation time of the latest git tag.
                latest_tag = run_command(git, 'describe', '--abbrev=0', '--tags',
                                         check : false)
                if latest_tag.returncode() == 0
                        time_epoch = run_command(
                                git, 'log', '--no-show-signature', '-1', '--format=%at',
                                     latest_tag.stdout().strip(),
                                check : false).stdout()
                endif
        endif
        if time_epoch == ''
                NEWS = files('NEWS')
                time_epoch = run_command(stat, '-c', '%Y', NEWS,
                                         check : true).stdout()
        endif
        time_epoch = time_epoch.strip().to_int()
endif
conf.set('TIME_EPOCH', time_epoch)

conf.set('CLOCK_VALID_RANGE_USEC_MAX', get_option('clock-valid-range-usec-max'))

default_user_shell = get_option('default-user-shell')
conf.set_quoted('DEFAULT_USER_SHELL',      default_user_shell)
conf.set_quoted('DEFAULT_USER_SHELL_NAME', fs.name(default_user_shell))

foreach tuple : [['system-alloc-uid-min', 'SYS_UID_MIN', 1],  # Also see login.defs(5).
                 ['system-uid-max',       'SYS_UID_MAX', 999],
                 ['system-alloc-gid-min', 'SYS_GID_MIN', 1],
                 ['system-gid-max',       'SYS_GID_MAX', 999]]
        v = get_option(tuple[0])
        if v <= 0
                v = run_command(
                        awk,
                        '/^\s*@0@\s+/ { uid=$2 } END { print uid }'.format(tuple[1]),
                        '/etc/login.defs',
                        check : false).stdout().strip()
                if v == ''
                        v = tuple[2]
                else
                        v = v.to_int()
                endif
        endif
        conf.set(tuple[0].underscorify().to_upper(), v)
endforeach
if conf.get('SYSTEM_ALLOC_UID_MIN') >= conf.get('SYSTEM_UID_MAX')
        error('Invalid uid allocation range')
endif
if conf.get('SYSTEM_ALLOC_GID_MIN') >= conf.get('SYSTEM_GID_MAX')
        error('Invalid gid allocation range')
endif

dynamic_uid_min = get_option('dynamic-uid-min')
dynamic_uid_max = get_option('dynamic-uid-max')
conf.set('DYNAMIC_UID_MIN', dynamic_uid_min)
conf.set('DYNAMIC_UID_MAX', dynamic_uid_max)

container_uid_base_min = get_option('container-uid-base-min')
container_uid_base_max = get_option('container-uid-base-max')
conf.set('CONTAINER_UID_BASE_MIN', container_uid_base_min)
conf.set('CONTAINER_UID_BASE_MAX', container_uid_base_max)

nobody_user = get_option('nobody-user')
nobody_group = get_option('nobody-group')

if not meson.is_cross_build()
        getent_result = run_command('getent', 'passwd', '65534', check : false)
        if getent_result.returncode() == 0
                name = getent_result.stdout().split(':')[0]
                if name != nobody_user
                        warning('\n' +
                                'The local user with the UID 65534 does not match the configured user name "@0@" of the nobody user (its name is @1@).\n'.format(nobody_user, name) +
                                'Your build will result in an user table setup that is incompatible with the local system.')
                endif
        endif
        id_result = run_command('id', '-u', nobody_user, check : false)
        if id_result.returncode() == 0
                id = id_result.stdout().strip().to_int()
                if id != 65534
                        warning('\n' +
                                'The local user with the configured user name "@0@" of the nobody user does not have UID 65534 (it has @1@).\n'.format(nobody_user, id) +
                                'Your build will result in an user table setup that is incompatible with the local system.')
                endif
        endif

        getent_result = run_command('getent', 'group', '65534', check : false)
        if getent_result.returncode() == 0
                name = getent_result.stdout().split(':')[0]
                if name != nobody_group
                        warning('\n' +
                                'The local group with the GID 65534 does not match the configured group name "@0@" of the nobody group (its name is @1@).\n'.format(nobody_group, name) +
                                'Your build will result in an group table setup that is incompatible with the local system.')
                endif
        endif
        id_result = run_command('id', '-g', nobody_group, check : false)
        if id_result.returncode() == 0
                id = id_result.stdout().strip().to_int()
                if id != 65534
                        warning('\n' +
                                'The local group with the configured group name "@0@" of the nobody group does not have GID 65534 (it has @1@).\n'.format(nobody_group, id) +
                                'Your build will result in an group table setup that is incompatible with the local system.')
                endif
        endif
endif
if nobody_user != nobody_group and not (nobody_user == 'nobody' and nobody_group == 'nogroup')
        warning('\n' +
                'The configured user name "@0@" and group name "@1@" of the nobody user/group are not equivalent.\n'.format(nobody_user, nobody_group) +
                'Please re-check that both "nobody-user" and "nobody-group" options are correctly set.')
endif

conf.set_quoted('NOBODY_USER_NAME', nobody_user)
conf.set_quoted('NOBODY_GROUP_NAME', nobody_group)

static_ugids = []
foreach option : ['adm-gid',
                  'audio-gid',
                  'cdrom-gid',
                  'dialout-gid',
                  'disk-gid',
                  'input-gid',
                  'kmem-gid',
                  'kvm-gid',
                  'lp-gid',
                  'render-gid',
                  'sgx-gid',
                  'tape-gid',
                  'tty-gid',
                  'users-gid',
                  'utmp-gid',
                  'video-gid',
                  'wheel-gid',
                  'systemd-journal-gid',
                  'systemd-network-uid',
                  'systemd-resolve-uid',
                  'systemd-timesync-uid']
        name = option.underscorify().to_upper()
        val = get_option(option)

        # Ensure provided GID argument is positive, otherwise fall back to default assignment
        conf.set(name, val > 0 ? val : '-')
        if val > 0
                static_ugids += '@0@:@1@'.format(option, val)
        endif
endforeach

conf.set10('ENABLE_ADM_GROUP', get_option('adm-group'))
conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group'))

dev_kvm_mode = get_option('dev-kvm-mode')
conf.set_quoted('DEV_KVM_MODE', dev_kvm_mode) # FIXME: convert to 0o… notation
conf.set10('DEV_KVM_UACCESS', dev_kvm_mode != '0666')
group_render_mode = get_option('group-render-mode')
conf.set_quoted('GROUP_RENDER_MODE', group_render_mode)
conf.set10('GROUP_RENDER_UACCESS', group_render_mode != '0666')

kill_user_processes = get_option('default-kill-user-processes')
conf.set10('KILL_USER_PROCESSES', kill_user_processes)

dns_servers = get_option('dns-servers')
conf.set_quoted('DNS_SERVERS', dns_servers)

ntp_servers = get_option('ntp-servers')
conf.set_quoted('NTP_SERVERS', ntp_servers)

default_locale = get_option('default-locale')
conf.set_quoted('SYSTEMD_DEFAULT_LOCALE', default_locale)

nspawn_locale = get_option('nspawn-locale')
conf.set_quoted('SYSTEMD_NSPAWN_LOCALE', nspawn_locale)

default_keymap = get_option('default-keymap')
if default_keymap == ''
        # We canonicalize empty keymap to '@kernel', as it makes the default value
        # in the factory provided /etc/vconsole.conf more obvious.
        default_keymap = '@kernel'
endif
conf.set_quoted('SYSTEMD_DEFAULT_KEYMAP', default_keymap)

localegen_path = get_option('localegen-path')
if localegen_path != ''
        conf.set_quoted('LOCALEGEN_PATH', localegen_path)
endif
conf.set10('HAVE_LOCALEGEN', localegen_path != '')

conf.set_quoted('GETTEXT_PACKAGE', meson.project_name())

service_watchdog = get_option('service-watchdog')
watchdog_value = service_watchdog == '' ? '' : 'WatchdogSec=' + service_watchdog
conf.set_quoted('SERVICE_WATCHDOG', watchdog_value)

conf.set_quoted('SUSHELL', get_option('debug-shell'))
conf.set_quoted('DEBUGTTY', get_option('debug-tty'))

enable_debug_hashmap = false
enable_debug_mmap_cache = false
enable_debug_siphash = false
foreach name : get_option('debug-extra')
        if name == 'hashmap'
                enable_debug_hashmap = true
        elif name == 'mmap-cache'
                enable_debug_mmap_cache = true
        elif name == 'siphash'
                enable_debug_siphash = true
        else
                message('unknown debug option "@0@", ignoring'.format(name))
        endif
endforeach
conf.set10('ENABLE_DEBUG_HASHMAP', enable_debug_hashmap)
conf.set10('ENABLE_DEBUG_MMAP_CACHE', enable_debug_mmap_cache)
conf.set10('ENABLE_DEBUG_SIPHASH', enable_debug_siphash)
conf.set10('LOG_TRACE', get_option('log-trace'))

default_user_path = get_option('user-path')
if default_user_path != ''
        conf.set_quoted('DEFAULT_USER_PATH', default_user_path)
endif

#####################################################################

threads = dependency('threads')
librt = cc.find_library('rt')
libm = cc.find_library('m')
libdl = cc.find_library('dl')
libcrypt = dependency('libcrypt', 'libxcrypt', required : false)
if not libcrypt.found()
        # fallback to use find_library() if libcrypt is provided by glibc, e.g. for LibreELEC.
        libcrypt = cc.find_library('crypt')
endif
libcap = dependency('libcap')

# On some architectures, libatomic is required. But on some installations,
# it is found, but actual linking fails. So let's try to use it opportunistically.
# If it is installed, but not needed, it will be dropped because of --as-needed.
if cc.links('''int main(int argc, char **argv) { return 0; }''',
            args : '-latomic',
            name : 'libatomic')
        libatomic = declare_dependency(link_args : '-latomic')
else
        libatomic = []
endif

crypt_header = conf.get('HAVE_CRYPT_H') == 1 ? '''#include <crypt.h>''' : '''#include <unistd.h>'''
foreach ident : [
        ['crypt_ra',               crypt_header],
        ['crypt_preferred_method', crypt_header],
        ['crypt_gensalt_ra',       crypt_header]]

        have = cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE',
                               dependencies : libcrypt)
        conf.set10('HAVE_' + ident[0].to_upper(), have)
endforeach

bpf_framework = get_option('bpf-framework')
bpf_compiler = get_option('bpf-compiler')
libbpf = dependency('libbpf',
                    required : bpf_framework,
                    version : bpf_compiler == 'gcc' ? '>= 1.4.0' : '>= 0.1.0')
conf.set10('HAVE_LIBBPF', libbpf.found())

if not libbpf.found()
        conf.set10('BPF_FRAMEWORK', false)
else
        clang_found = false
        clang_supports_bpf = false
        bpf_gcc_found = false
        bpftool_strip = false
        deps_found = false

        if bpf_compiler == 'clang'
                # Support 'versioned' clang/llvm-strip binaries, as seen on Debian/Ubuntu
                # (like clang-10/llvm-strip-10)
                if meson.is_cross_build() or cc.get_id() != 'clang' or cc.cmd_array()[0].contains('afl-clang') or cc.cmd_array()[0].contains('hfuzz-clang')
                        r = find_program('clang',
                                         required : bpf_framework,
                                         version : '>= 10.0.0')
                        clang_found = r.found()
                        if clang_found
                                clang = r.full_path()
                        endif
                else
                        clang_found = true
                        clang = cc.cmd_array()
                endif

                if clang_found
                        # Check if 'clang -target bpf' is supported.
                        clang_supports_bpf = run_command(clang, '-target', 'bpf', '--print-supported-cpus', check : false).returncode() == 0
                endif
                if bpf_framework.enabled() and not clang_supports_bpf
                        error('bpf-framework was enabled but clang does not support bpf')
                endif
        elif bpf_compiler == 'gcc'
                bpf_gcc = find_program('bpf-gcc',
                                       'bpf-none-gcc',
                                       'bpf-unknown-none-gcc',
                                       required : true,
                                       version : '>= 13.1.0')
                bpf_gcc_found = bpf_gcc.found()
        endif

        if clang_supports_bpf or bpf_gcc_found
                # Debian installs this in /usr/sbin/ which is not in $PATH.
                # We check for 'bpftool' first, honouring $PATH, and in /usr/sbin/ for Debian.
                # We use 'bpftool gen object' subcommand for bpftool strip, it was added by d80b2fcbe0a023619e0fc73112f2a02c2662f6ab (v5.13).
                bpftool = find_program('bpftool',
                                       '/usr/sbin/bpftool',
                                       required : bpf_framework.enabled() and bpf_compiler == 'gcc',
                                       version : bpf_compiler == 'gcc' ? '>= 7.0.0' : '>= 5.13.0')

                if bpftool.found()
                        bpftool_strip = true
                        deps_found = true
                elif bpf_compiler == 'clang'
                        # We require the 'bpftool gen skeleton' subcommand, it was added by 985ead416df39d6fe8e89580cc1db6aa273e0175 (v5.6).
                        bpftool = find_program('bpftool',
                                               '/usr/sbin/bpftool',
                                               required : bpf_framework,
                                               version : '>= 5.6.0')
                endif

                # We use `llvm-strip` as a fallback if `bpftool gen object` strip support is not available.
                if not bpftool_strip and bpftool.found() and clang_supports_bpf
                        if not meson.is_cross_build()
                                llvm_strip_bin = run_command(clang, '--print-prog-name', 'llvm-strip',
                                                             check : true).stdout().strip()
                        else
                                llvm_strip_bin = 'llvm-strip'
                        endif
                        llvm_strip = find_program(llvm_strip_bin,
                                                  required : bpf_framework,
                                                  version : '>= 10.0.0')
                        deps_found = llvm_strip.found()
                endif
        endif

        # Can build BPF program from source code in restricted C
        conf.set10('BPF_FRAMEWORK', deps_found)
endif

libmount = dependency('mount',
                      version : fuzzer_build ? '>= 0' : '>= 2.30')

libfdisk = dependency('fdisk',
                      version : '>= 2.32',
                      disabler : true,
                      required : get_option('fdisk'))
conf.set10('HAVE_LIBFDISK', libfdisk.found())

# This prefers pwquality if both are enabled or auto.
feature = get_option('pwquality').disable_auto_if(get_option('passwdqc').enabled())
libpwquality = dependency('pwquality',
                          version : '>= 1.4.1',
                          required : feature)
have = libpwquality.found()
if not have
        # libpwquality is used for both features for simplicity
        libpwquality = dependency('passwdqc',
                                  required : get_option('passwdqc'))
endif
conf.set10('HAVE_PWQUALITY', have)
conf.set10('HAVE_PASSWDQC', not have and libpwquality.found())

libseccomp = dependency('libseccomp',
                        version : '>= 2.3.1',
                        required : get_option('seccomp'))
conf.set10('HAVE_SECCOMP', libseccomp.found())

libselinux = dependency('libselinux',
                        version : '>= 2.1.9',
                        required : get_option('selinux'))
conf.set10('HAVE_SELINUX', libselinux.found())

libapparmor = dependency('libapparmor',
                         version : '>= 2.13',
                         required : get_option('apparmor'))
conf.set10('HAVE_APPARMOR', libapparmor.found())

have = get_option('smack') and get_option('smack-run-label') != ''
conf.set10('HAVE_SMACK_RUN_LABEL', have)
if have
        conf.set_quoted('SMACK_RUN_LABEL', get_option('smack-run-label'))
endif

have = get_option('smack') and get_option('smack-default-process-label') != ''
if have
        conf.set_quoted('SMACK_DEFAULT_PROCESS_LABEL', get_option('smack-default-process-label'))
endif

feature = get_option('polkit')
libpolkit = dependency('polkit-gobject-1',
                       required : feature.disabled() ? feature : false)
install_polkit = feature.allowed()
install_polkit_pkla = libpolkit.found() and libpolkit.version().version_compare('< 0.106')
if install_polkit_pkla
        message('Old polkit detected, will install pkla files')
endif
conf.set10('ENABLE_POLKIT', install_polkit)

libacl = dependency('libacl',
                    required : get_option('acl'))
conf.set10('HAVE_ACL', libacl.found())

libaudit = dependency('audit',
                      required : get_option('audit'))
conf.set10('HAVE_AUDIT', libaudit.found())

libblkid = dependency('blkid',
                      required : get_option('blkid'))
conf.set10('HAVE_BLKID', libblkid.found())
conf.set10('HAVE_BLKID_PROBE_SET_HINT',
           libblkid.found() and cc.has_function('blkid_probe_set_hint', dependencies : libblkid))

libkmod = dependency('libkmod',
                     version : '>= 15',
                     required : get_option('kmod'))
conf.set10('HAVE_KMOD', libkmod.found())
libkmod_cflags = libkmod.partial_dependency(includes: true, compile_args: true)

libxenctrl = dependency('xencontrol',
                        version : '>= 4.9',
                        required : get_option('xenctrl'))
conf.set10('HAVE_XENCTRL', libxenctrl.found())
libxenctrl_cflags = libxenctrl.partial_dependency(includes: true, compile_args: true)

feature = get_option('pam')
libpam = dependency('pam',
                    required : feature.disabled() ? feature : false)
if not libpam.found()
        # Debian older than bookworm and Ubuntu older than 22.10 do not provide the .pc file.
        libpam = cc.find_library('pam', required : feature)
endif
libpam_misc = dependency('pam_misc',
                         required : feature.disabled() ? feature : false)
if not libpam_misc.found()
        libpam_misc = cc.find_library('pam_misc', required : feature)
endif
conf.set10('HAVE_PAM', libpam.found() and libpam_misc.found())

libmicrohttpd = dependency('libmicrohttpd',
                           version : '>= 0.9.33',
                           required : get_option('microhttpd'))
conf.set10('HAVE_MICROHTTPD', libmicrohttpd.found())

libcryptsetup = get_option('libcryptsetup')
libcryptsetup_plugins = get_option('libcryptsetup-plugins')
if libcryptsetup_plugins.enabled()
        if libcryptsetup.disabled()
                error('libcryptsetup-plugins cannot be requested without libcryptsetup')
        endif
        libcryptsetup = libcryptsetup_plugins
endif

libcryptsetup = dependency('libcryptsetup',
                           version : libcryptsetup_plugins.enabled() ? '>= 2.4.0' : '>= 2.0.1',
                           required : libcryptsetup)

have = libcryptsetup.found()
foreach ident : ['crypt_set_metadata_size',
                 'crypt_activate_by_signed_key',
                 'crypt_token_max',
                 'crypt_reencrypt_init_by_passphrase',
                 'crypt_reencrypt',
                 'crypt_reencrypt_run',
                 'crypt_set_data_offset',
                 'crypt_set_keyring_to_link',
                 'crypt_resume_by_volume_key',
                 'crypt_token_set_external_path']
        have_ident = have and cc.has_function(
                ident,
                prefix : '#include <libcryptsetup.h>',
                # crypt_reencrypt() raises a deprecation warning so make sure -Wno-deprecated-declarations is
                # specified otherwise we fail to detect crypt_reencrypt() if -Werror is used.
                args : '-Wno-deprecated-declarations',
                dependencies : libcryptsetup)
        conf.set10('HAVE_' + ident.to_upper(), have_ident)
endforeach
conf.set10('HAVE_LIBCRYPTSETUP', have)

# TODO: Use has_function(required : libcryptsetup_plugins) with meson >= 1.3.0
if libcryptsetup_plugins.allowed()
        have = (cc.has_function(
                        'crypt_activate_by_token_pin',
                        prefix : '#include <libcryptsetup.h>',
                        dependencies : libcryptsetup) and
                cc.has_function(
                        'crypt_token_external_path',
                        prefix : '#include <libcryptsetup.h>',
                        dependencies : libcryptsetup))
else
        have = false
endif
conf.set10('HAVE_LIBCRYPTSETUP_PLUGINS', have)

libcurl = dependency('libcurl',
                     version : '>= 7.32.0',
                     required : get_option('libcurl'))
conf.set10('HAVE_LIBCURL', libcurl.found())
conf.set10('CURL_NO_OLDIES', conf.get('BUILD_MODE_DEVELOPER') == 1)

feature = get_option('libidn2').disable_auto_if(get_option('libidn').enabled())
libidn = dependency('libidn2',
                    required : feature)
have = libidn.found()
if not have
        # libidn is used for both libidn and libidn2 objects
        libidn = dependency('libidn',
                            required : get_option('libidn'))
endif
conf.set10('HAVE_LIBIDN', not have and libidn.found())
conf.set10('HAVE_LIBIDN2', have)

libiptc = dependency('libiptc',
                     required : get_option('libiptc'))
conf.set10('HAVE_LIBIPTC', libiptc.found())
libiptc_cflags = libiptc.partial_dependency(includes: true, compile_args: true)

libqrencode = dependency('libqrencode',
                         version : '>= 3',
                         required : get_option('qrencode'))
conf.set10('HAVE_QRENCODE', libqrencode.found())

feature = get_option('gcrypt')
libgcrypt = dependency('libgcrypt',
                       required : feature)
libgpg_error = dependency('gpg-error',
                          required : feature.disabled() ? feature : false)
if not libgpg_error.found()
        # CentOS 8 does not provide the .pc file.
        libgpg_error = cc.find_library('gpg-error', required : feature)
endif

have = libgcrypt.found() and libgpg_error.found()
if not have
        # link to neither of the libs if one is not found
        libgcrypt = []
        libgpg_error = []
        libgcrypt_cflags = []
else
        libgcrypt_cflags = libgcrypt.partial_dependency(includes: true, compile_args: true)
endif
conf.set10('HAVE_GCRYPT', have)

libgnutls = dependency('gnutls',
                       version : '>= 3.1.4',
                       required : get_option('gnutls'))
conf.set10('HAVE_GNUTLS', libgnutls.found())

libopenssl = dependency('openssl',
                        version : '>= 1.1.0',
                        required : get_option('openssl'))
conf.set10('HAVE_OPENSSL', libopenssl.found())

libp11kit = dependency('p11-kit-1',
                       version : '>= 0.23.3',
                       required : get_option('p11kit'))
conf.set10('HAVE_P11KIT', libp11kit.found())
libp11kit_cflags = libp11kit.partial_dependency(includes: true, compile_args: true)

feature = get_option('libfido2').require(
        conf.get('HAVE_OPENSSL') == 1,
        error_message : 'openssl required')
libfido2 = dependency('libfido2',
                      required : feature)
conf.set10('HAVE_LIBFIDO2', libfido2.found())

tpm2 = dependency('tss2-esys tss2-rc tss2-mu tss2-tcti-device',
                  required : get_option('tpm2'))
conf.set10('HAVE_TPM2', tpm2.found())
conf.set10('HAVE_TSS2_ESYS3', tpm2.found() and tpm2.version().version_compare('>= 3.0.0'))

libdw = dependency('libdw',
                   required : get_option('elfutils'))
conf.set10('HAVE_ELFUTILS', libdw.found())
# New in elfutils 0.177
conf.set10('HAVE_DWELF_ELF_E_MACHINE_STRING',
           libdw.found() and cc.has_function('dwelf_elf_e_machine_string', dependencies : libdw))

# New in elfutils 0.192
conf.set10('HAVE_DWFL_SET_SYSROOT',
           libdw.found() and cc.has_function('dwfl_set_sysroot', dependencies : libdw))

libz = dependency('zlib',
                  required : get_option('zlib'))
conf.set10('HAVE_ZLIB', libz.found())

feature = get_option('bzip2')
libbzip2 = dependency('bzip2',
                      required : feature.disabled() ? feature : false)
if not libbzip2.found()
        # Debian and Ubuntu do not provide the .pc file.
        libbzip2 = cc.find_library('bz2', required : feature)
endif
conf.set10('HAVE_BZIP2', libbzip2.found())

libxz = dependency('liblzma',
                   required : get_option('xz'))
conf.set10('HAVE_XZ', libxz.found())
libxz_cflags = libxz.partial_dependency(includes: true, compile_args: true)

liblz4 = dependency('liblz4',
                    version : '>= 1.3.0',
                    required : get_option('lz4'))
conf.set10('HAVE_LZ4', liblz4.found())
liblz4_cflags = liblz4.partial_dependency(includes: true, compile_args: true)

libzstd = dependency('libzstd',
                     version : '>= 1.4.0',
                     required : get_option('zstd'))
conf.set10('HAVE_ZSTD', libzstd.found())
libzstd_cflags = libzstd.partial_dependency(includes: true, compile_args: true)

conf.set10('HAVE_COMPRESSION', libxz.found() or liblz4.found() or libzstd.found())

compression = get_option('default-compression')
if compression == 'auto'
        if libzstd.found()
                compression = 'zstd'
        elif liblz4.found()
                compression = 'lz4'
        elif libxz.found()
                compression = 'xz'
        else
                compression = 'none'
        endif
elif compression == 'zstd' and not libzstd.found()
        error('default-compression=zstd requires zstd')
elif compression == 'lz4' and not liblz4.found()
        error('default-compression=lz4 requires lz4')
elif compression == 'xz' and not libxz.found()
        error('default-compression=xz requires xz')
endif
# In the dlopen ELF note we save the default compression library with a
# higher priority, so that packages can give it priority over the
# secondary libraries.
conf.set_quoted('COMPRESSION_PRIORITY_ZSTD',
                compression == 'zstd' ? 'recommended' : 'suggested')
conf.set_quoted('COMPRESSION_PRIORITY_LZ4',
                compression == 'lz4' ? 'recommended' : 'suggested')
conf.set_quoted('COMPRESSION_PRIORITY_XZ',
                compression == 'xz' ? 'recommended' : 'suggested')
conf.set('DEFAULT_COMPRESSION', 'COMPRESSION_@0@'.format(compression.to_upper()))

libarchive = dependency('libarchive',
                        version : '>= 3.0',
                        required : get_option('libarchive'))
conf.set10('HAVE_LIBARCHIVE', libarchive.found())

libxkbcommon = dependency('xkbcommon',
                          version : '>= 0.3.0',
                          required : get_option('xkbcommon'))
conf.set10('HAVE_XKBCOMMON', libxkbcommon.found())

libpcre2 = dependency('libpcre2-8',
                      required : get_option('pcre2'))
conf.set10('HAVE_PCRE2', libpcre2.found())

libglib =    dependency('glib-2.0',
                        version : '>= 2.22.0',
                        required : get_option('glib'))
libgobject = dependency('gobject-2.0',
                        version : '>= 2.22.0',
                        required : get_option('glib'))
libgio =     dependency('gio-2.0',
                        required : get_option('glib'))
conf.set10('HAVE_GLIB', libglib.found() and libgobject.found() and libgio.found())

libdbus = dependency('dbus-1',
                     version : '>= 1.3.2',
                     required : get_option('dbus'))
conf.set10('HAVE_DBUS', libdbus.found())

dbusdatadir = libdbus.get_variable(pkgconfig: 'datadir', default_value: datadir) / 'dbus-1'

dbuspolicydir = get_option('dbuspolicydir')
if dbuspolicydir == ''
        dbuspolicydir = dbusdatadir / 'system.d'
endif

dbussessionservicedir = get_option('dbussessionservicedir')
if dbussessionservicedir == ''
        dbussessionservicedir = libdbus.get_variable(pkgconfig: 'session_bus_services_dir', default_value: dbusdatadir / 'services')
endif

dbussystemservicedir = get_option('dbussystemservicedir')
if dbussystemservicedir == ''
        dbussystemservicedir = libdbus.get_variable(pkgconfig: 'system_bus_services_dir', default_value: dbusdatadir / 'system-services')
endif

dbus_interfaces_dir = get_option('dbus-interfaces-dir')
if dbus_interfaces_dir == '' or dbus_interfaces_dir == 'yes'
        if meson.is_cross_build() and dbus_interfaces_dir != 'yes'
                dbus_interfaces_dir = 'no'
                warning('Exporting D-Bus interface XML files is disabled during cross build. Pass path or "yes" to force enable.')
        else
                dbus_interfaces_dir = libdbus.get_variable(pkgconfig: 'interfaces_dir', default_value: dbusdatadir / 'interfaces')
        endif
endif

dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'loongarch64', 'mips']
conf.set10('HAVE_DMI', host_machine.cpu_family() in dmi_arches)

# We support one or the other. If gcrypt is available, we assume it's there to
# be used, and use it in preference.
opt = get_option('cryptolib')
if opt == 'openssl' and conf.get('HAVE_OPENSSL') == 0
        error('openssl requested as the default cryptolib, but not available')
endif
conf.set10('PREFER_OPENSSL',
           opt == 'openssl' or (opt == 'auto' and conf.get('HAVE_OPENSSL') == 1 and conf.get('HAVE_GCRYPT') == 0))
conf.set10('HAVE_OPENSSL_OR_GCRYPT',
           conf.get('HAVE_OPENSSL') == 1 or conf.get('HAVE_GCRYPT') == 1)
lib_openssl_or_gcrypt = conf.get('PREFER_OPENSSL') == 1 ? [libopenssl] : [libgcrypt, libgpg_error]

dns_over_tls = get_option('dns-over-tls')
if dns_over_tls != 'false'
        if dns_over_tls == 'gnutls' and conf.get('PREFER_OPENSSL') == 1
                error('Sorry, -Ddns-over-tls=gnutls is not supported when openssl is used as the cryptolib')
        endif

        if dns_over_tls == 'gnutls'
                have_openssl = false
        else
                have_openssl = conf.get('HAVE_OPENSSL') == 1
                if dns_over_tls == 'openssl' and not have_openssl
                        error('DNS-over-TLS support was requested with openssl, but dependencies are not available')
                endif
        endif
        if dns_over_tls == 'openssl' or have_openssl
                have_gnutls = false
        else
                have_gnutls = conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.6.0')
                if dns_over_tls != 'auto' and not have_gnutls
                        str = dns_over_tls == 'gnutls' ? ' with gnutls' : ''
                        error('DNS-over-TLS support was requested@0@, but dependencies are not available'.format(str))
                endif
        endif
        have = have_gnutls or have_openssl
else
        have = false
        have_gnutls = false
        have_openssl = false
endif
conf.set10('ENABLE_DNS_OVER_TLS', have)
conf.set10('DNS_OVER_TLS_USE_GNUTLS', have_gnutls)
conf.set10('DNS_OVER_TLS_USE_OPENSSL', have_openssl)

default_dns_over_tls = get_option('default-dns-over-tls')
if default_dns_over_tls != 'no' and conf.get('ENABLE_DNS_OVER_TLS') == 0
        message('default-dns-over-tls cannot be enabled or set to opportunistic when DNS-over-TLS support is disabled. Setting default-dns-over-tls to no.')
        default_dns_over_tls = 'no'
endif
conf.set('DEFAULT_DNS_OVER_TLS_MODE',
         'DNS_OVER_TLS_' + default_dns_over_tls.underscorify().to_upper())
conf.set_quoted('DEFAULT_DNS_OVER_TLS_MODE_STR', default_dns_over_tls)

default_mdns = get_option('default-mdns')
conf.set('DEFAULT_MDNS_MODE',
         'RESOLVE_SUPPORT_' + default_mdns.to_upper())
conf.set_quoted('DEFAULT_MDNS_MODE_STR', default_mdns)

default_llmnr = get_option('default-llmnr')
conf.set('DEFAULT_LLMNR_MODE',
         'RESOLVE_SUPPORT_' + default_llmnr.to_upper())
conf.set_quoted('DEFAULT_LLMNR_MODE_STR', default_llmnr)

have = get_option('repart').require(
        conf.get('HAVE_LIBFDISK') == 1,
        error_message : 'fdisk required').allowed()
conf.set10('ENABLE_REPART', have)

default_dnssec = get_option('default-dnssec')
if default_dnssec != 'no' and conf.get('HAVE_OPENSSL_OR_GCRYPT') == 0
        message('default-dnssec cannot be set to yes or allow-downgrade openssl and gcrypt are disabled. Setting default-dnssec to no.')
        default_dnssec = 'no'
endif
conf.set('DEFAULT_DNSSEC_MODE',
         'DNSSEC_' + default_dnssec.underscorify().to_upper())
conf.set_quoted('DEFAULT_DNSSEC_MODE_STR', default_dnssec)

have = get_option('sysupdate').require(
        conf.get('HAVE_OPENSSL') == 1 and
        conf.get('HAVE_LIBFDISK') == 1,
        error_message : 'fdisk and openssl required').allowed()
conf.set10('ENABLE_SYSUPDATE', have)

conf.set10('ENABLE_STORAGETM', get_option('storagetm'))

have = get_option('importd').require(
        conf.get('HAVE_LIBCURL') == 1 and
        conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and
        conf.get('HAVE_ZLIB') == 1 and
        conf.get('HAVE_XZ') == 1,
        error_message : 'curl, openssl/grypt, zlib and xz required').allowed()
conf.set10('ENABLE_IMPORTD', have)

have = get_option('homed').require(
        conf.get('HAVE_OPENSSL') == 1 and
        conf.get('HAVE_LIBFDISK') == 1 and
        conf.get('HAVE_LIBCRYPTSETUP') == 1 and
        conf.get('HAVE_CRYPT_RESUME_BY_VOLUME_KEY') == 1,
        error_message : 'openssl, fdisk and libcryptsetup required').allowed()
conf.set10('ENABLE_HOMED', have)

have = have and conf.get('HAVE_PAM') == 1
conf.set10('ENABLE_PAM_HOME', have)

feature = get_option('remote')
have_deps = [conf.get('HAVE_MICROHTTPD') == 1,
             conf.get('HAVE_LIBCURL') == 1]
# sd-j-remote requires µhttpd, and sd-j-upload requires libcurl, so
# it's possible to build one without the other. Complain only if
# support was explicitly requested. The auxiliary files like sysusers
# config should be installed when any of the programs are built.
if feature.enabled() and not (have_deps[0] and have_deps[1])
        error('remote support was requested, but dependencies are not available')
endif
have = feature.allowed() and (have_deps[0] or have_deps[1])
conf.set10('ENABLE_REMOTE', have)

feature = get_option('vmspawn').disable_auto_if(conf.get('BUILD_MODE_DEVELOPER') == 0)
conf.set10('ENABLE_VMSPAWN', feature.allowed())

conf.set10('DEFAULT_MOUNTFSD_TRUSTED_DIRECTORIES', get_option('default-mountfsd-trusted-directories'))

foreach term : ['analyze',
                'backlight',
                'binfmt',
                'compat-mutable-uid-boundaries',
                'coredump',
                'efi',
                'environment-d',
                'firstboot',
                'gshadow',
                'hibernate',
                'hostnamed',
                'hwdb',
                'idn',
                'ima',
                'ipe',
                'initrd',
                'kernel-install',
                'ldconfig',
                'localed',
                'logind',
                'machined',
                'mountfsd',
                'networkd',
                'nsresourced',
                'nss-myhostname',
                'nss-systemd',
                'oomd',
                'portabled',
                'pstore',
                'quotacheck',
                'randomseed',
                'resolve',
                'rfkill',
                'smack',
                'sysext',
                'sysusers',
                'timedated',
                'timesyncd',
                'tmpfiles',
                'tpm',
                'userdb',
                'utmp',
                'vconsole',
                'xdg-autostart']
        have = get_option(term)
        name = 'ENABLE_' + term.underscorify().to_upper()
        conf.set10(name, have)
endforeach

enable_sysusers = conf.get('ENABLE_SYSUSERS') == 1

foreach tuple : [['nss-mymachines', 'machined'],
                 ['nss-resolve',    'resolve']]
        want = get_option(tuple[0])
        if want.allowed()
                have = get_option(tuple[1])
                if want.enabled() and not have
                        error('@0@ is requested but @1@ is disabled'.format(tuple[0], tuple[1]))
                endif
        else
                have = false
        endif
        name = 'ENABLE_' + tuple[0].underscorify().to_upper()
        conf.set10(name, have)
endforeach

enable_nss = false
foreach term : ['ENABLE_NSS_MYHOSTNAME',
                'ENABLE_NSS_MYMACHINES',
                'ENABLE_NSS_RESOLVE',
                'ENABLE_NSS_SYSTEMD']
        if conf.get(term) == 1
                enable_nss = true
        endif
endforeach
conf.set10('ENABLE_NSS', enable_nss)

conf.set10('ENABLE_TIMEDATECTL', get_option('timedated') or get_option('timesyncd'))

conf.set10('ENABLE_SSH_PROXY_CONFIG', sshconfdir != 'no')
conf.set10('ENABLE_SSH_USERDB_CONFIG', conf.get('ENABLE_USERDB') == 1 and sshdconfdir != 'no')

conf.set10('SYSTEMD_SLOW_TESTS_DEFAULT', want_slow_tests)

#####################################################################

pymod = import('python')
python = pymod.find_installation('python3', required : true, modules : ['jinja2'])
python_39 = python.language_version().version_compare('>=3.9')

#####################################################################

if conf.get('BPF_FRAMEWORK') == 1
        bpf_clang_flags = [
                '-std=gnu11',
                '-Wno-compare-distinct-pointer-types',
                '-fno-stack-protector',
                '-O2',
                '-target',
                'bpf',
                '-g',
                '-c',
        ]

        bpf_gcc_flags = [
                '-std=gnu11',
                '-fno-stack-protector',
                '-fno-ssa-phiopt',
                '-O2',
                '-mcpu=v3',
                '-mco-re',
                '-gbtf',
                '-c',
        ]

        # If c_args contains these flags copy them along with the values, in order to avoid breaking
        # reproducible builds and other functionality
        propagate_cflags = [
                '-ffile-prefix-map=',
                '-fdebug-prefix-map=',
                '-fmacro-prefix-map=',
                '--sysroot=',
        ]

        foreach opt : c_args
                foreach flag : propagate_cflags
                        if opt.startswith(flag)
                                bpf_clang_flags += [opt]
                                bpf_gcc_flags += [opt]
                                break
                        endif
                endforeach
        endforeach

        # Generate defines that are appropriate to tell the compiler what architecture
        # we're compiling for. By default we just map meson's cpu_family to __<cpu_family>__.
        # This dictionary contains the exceptions where this doesn't work.
        #
        # C.f. https://mesonbuild.com/Reference-tables.html#cpu-families
        # and src/basic/missing_syscall_def.h.
        cpu_arch_defines = {
                'ppc'     : ['-D__powerpc__', '-D__TARGET_ARCH_powerpc'],
                'ppc64'   : ['-D__powerpc64__', '-D__TARGET_ARCH_powerpc', '-D_CALL_ELF=2'],
                'riscv32' : ['-D__riscv', '-D__riscv_xlen=32', '-D__TARGET_ARCH_riscv'],
                'riscv64' : ['-D__riscv', '-D__riscv_xlen=64', '-D__TARGET_ARCH_riscv'],
                'x86'     : ['-D__i386__', '-D__TARGET_ARCH_x86'],
                's390x'   : ['-D__s390__', '-D__s390x__', '-D__TARGET_ARCH_s390'],

                # For arm, assume hardware fp is available.
                'arm'     : ['-D__arm__', '-D__ARM_PCS_VFP', '-D__TARGET_ARCH_arm'],
        }

        bpf_arch_flags = cpu_arch_defines.get(host_machine.cpu_family(),
                                              ['-D__@0@__'.format(host_machine.cpu_family())])
        if bpf_compiler == 'gcc'
                bpf_arch_flags += ['-m' + host_machine.endian() + '-endian']
        endif

        libbpf_include_dir = libbpf.get_variable(pkgconfig : 'includedir')

        bpf_o_unstripped_cmd = []
        if bpf_compiler == 'clang'
                bpf_o_unstripped_cmd += [
                        clang,
                        bpf_clang_flags,
                        bpf_arch_flags,
                ]
        elif bpf_compiler == 'gcc'
                bpf_o_unstripped_cmd += [
                        bpf_gcc,
                        bpf_gcc_flags,
                        bpf_arch_flags,
                ]
        endif

        bpf_o_unstripped_cmd += ['-I.']

        if cc.get_id() == 'gcc' or meson.is_cross_build()
                if cc.get_id() != 'gcc'
                        warning('Cross compiler is not gcc. Guessing the target triplet for bpf likely fails.')
                endif
                target_triplet_cmd = run_command(cc.cmd_array(), '-print-multiarch', check: false)
        else
                # clang does not support -print-multiarch (D133170) and its -dump-machine
                # does not match multiarch. Query gcc instead.
                target_triplet_cmd = run_command('gcc', '-print-multiarch', check: false)
        endif
        if target_triplet_cmd.returncode() == 0
                target_triplet = target_triplet_cmd.stdout().strip()
                bpf_o_unstripped_cmd += [
                        '-isystem',
                        '/usr/include/@0@'.format(target_triplet)
                ]
        endif

        bpf_o_unstripped_cmd += [
                '-idirafter',
                libbpf_include_dir,
                '@INPUT@',
                '-o',
                '@OUTPUT@'
        ]

        if bpftool_strip
                bpf_o_cmd = [
                        bpftool,
                        'gen',
                        'object',
                        '@OUTPUT@',
                        '@INPUT@'
                ]
        elif bpf_compiler == 'clang'
                bpf_o_cmd = [
                        llvm_strip,
                        '-g',
                        '@INPUT@',
                        '-o',
                        '@OUTPUT@'
                ]
        endif

        skel_h_cmd = [
                bpftool,
                'gen',
                'skeleton',
                '@INPUT@'
        ]
endif

#####################################################################

efi_arch = {
        'aarch64'     : 'aa64',
        'arm'         : 'arm',
        'loongarch32' : 'loongarch32',
        'loongarch64' : 'loongarch64',
        'riscv32'     : 'riscv32',
        'riscv64'     : 'riscv64',
        'x86_64'      : 'x64',
        'x86'         : 'ia32',
}.get(host_machine.cpu_family(), '')

pyelftools = pymod.find_installation('python3',
                                     required : get_option('bootloader'),
                                     modules : ['elftools'])

have = get_option('bootloader').require(
        pyelftools.found() and get_option('efi') and efi_arch != '',
        error_message : 'unsupported EFI arch or EFI support is disabled').allowed()
conf.set10('ENABLE_BOOTLOADER', have)
conf.set_quoted('EFI_MACHINE_TYPE_NAME', have ? efi_arch : '')

efi_arch_alt = ''
efi_cpu_family_alt = ''
if have and efi_arch == 'x64' and cc.links('''
                #include <limits.h>
                int main(int argc, char *argv[]) {
                        return __builtin_popcount(argc - CHAR_MAX);
                }''', args : ['-m32', '-march=i686'], name : '32bit build possible')
        efi_arch_alt = 'ia32'
        efi_cpu_family_alt = 'x86'
endif

pefile = pymod.find_installation('python3', required: false, modules : ['pefile'])

want_ukify = get_option('ukify').require(python_39 and (want_tests != 'true' or pefile.found()), error_message : 'Python >= 3.9 and pefile required').allowed()
conf.set10('ENABLE_UKIFY', want_ukify)

#####################################################################

check_efi_alignment_py = find_program('tools/check-efi-alignment.py')

#####################################################################

use_provided_vmlinux_h = false
use_generated_vmlinux_h = false
provided_vmlinux_h_path = get_option('vmlinux-h-path')

# For the more complex BPF programs we really want a vmlinux.h (which is arch
# specific, but only somewhat bound to kernel version). Ideally the kernel
# development headers would ship that, but right now they don't. Hence address
# this in two ways:
#
# 1. Provide a vmlinux.h at build time
# 2. Generate the file on the fly where possible (which requires /sys/ to be mounted)
#
# We generally prefer the former (to support reproducible builds), but will
# fallback to the latter.

if conf.get('BPF_FRAMEWORK') == 1
        enable_vmlinux_h = get_option('vmlinux-h')

        if enable_vmlinux_h == 'auto'
                if provided_vmlinux_h_path != ''
                        use_provided_vmlinux_h = true
                elif fs.exists('/sys/kernel/btf/vmlinux') and \
                                bpftool.found() and \
                                (host_machine.cpu_family() == build_machine.cpu_family()) and \
                                host_machine.cpu_family() in ['x86_64', 'aarch64']

                        # We will only generate a vmlinux.h from the running
                        # kernel if the host and build machine are of the same
                        # family. Also for now we focus on x86_64 and aarch64,
                        # since other archs don't seem to be ready yet.

                        use_generated_vmlinux_h = true
                endif
        elif enable_vmlinux_h == 'provided'
                use_provided_vmlinux_h = true
        elif enable_vmlinux_h == 'generated'
                if not fs.exists('/sys/kernel/btf/vmlinux')
                        error('BTF data from kernel not available (/sys/kernel/btf/vmlinux missing), cannot generate vmlinux.h, but was asked to.')
                endif
                if not bpftool.found()
                        error('bpftool not available, cannot generate vmlinux.h, but was asked to.')
                endif
                use_generated_vmlinux_h = true
        endif
endif

if use_provided_vmlinux_h
        if not fs.exists(provided_vmlinux_h_path)
                error('Path to provided vmlinux.h does not exist.')
        endif
        vmlinux_h_dependency = []
        bpf_o_unstripped_cmd += ['-I' + fs.parent(provided_vmlinux_h_path)]
        message('Using provided @0@'.format(provided_vmlinux_h_path))
elif use_generated_vmlinux_h
        vmlinux_h_dependency = custom_target(
                'vmlinux.h',
                output: 'vmlinux.h',
                command : [ bpftool, 'btf', 'dump', 'file', '/sys/kernel/btf/vmlinux', 'format', 'c' ],
                capture : true)

        bpf_o_unstripped_cmd += ['-I' + fs.parent(vmlinux_h_dependency.full_path())]
        message('Using generated @0@'.format(vmlinux_h_dependency.full_path()))
else
        message('Using neither provided nor generated vmlinux.h, some features will not be available.')
endif

conf.set10('HAVE_VMLINUX_H', use_provided_vmlinux_h or use_generated_vmlinux_h)

#####################################################################

check_version_history_py = find_program('tools/check-version-history.py')
elf2efi_py = find_program('tools/elf2efi.py')
export_dbus_interfaces_py = find_program('tools/dbus_exporter.py')
generate_gperfs = find_program('tools/generate-gperfs.py')
make_autosuspend_rules_py = find_program('tools/make-autosuspend-rules.py')
make_directive_index_py = find_program('tools/make-directive-index.py')
sync_docs_py = find_program('tools/sync-docs.py')
make_man_index_py = find_program('tools/make-man-index.py')
meson_render_jinja2 = find_program('tools/meson-render-jinja2.py')
update_dbus_docs_py = find_program('tools/update-dbus-docs.py')
update_hwdb_autosuspend_sh = find_program('tools/update-hwdb-autosuspend.sh')
update_hwdb_sh = find_program('tools/update-hwdb.sh')
update_man_rules_py = find_program('tools/update-man-rules.py')
update_syscall_tables_sh = find_program('tools/update-syscall-tables.sh')
xml_helper_py = find_program('tools/xml_helper.py')

#####################################################################

version_tag = get_option('version-tag')
if version_tag == ''
        version_tag = meson.project_version()
endif

conf.set_quoted('VERSION_TAG', version_tag)

vcs_tag = get_option('vcs-tag')
version_h = vcs_tag(
        input : 'src/version/version.h.in',
        output : 'version.h',
        fallback : '',
        command : [vcs_tag ? 'tools/vcs-tag.sh' : 'true', get_option('mode')],
)

shared_lib_tag = get_option('shared-lib-tag')
if shared_lib_tag == ''
        shared_lib_tag = project_major_version
endif

#####################################################################

if get_option('b_coverage')
        userspace_c_args += ['-include', 'src/basic/coverage.h']
endif

#####################################################################

config_h = configure_file(
        output : 'config.h',
        configuration : conf)

userspace_c_args += ['-include', 'config.h']

jinja2_cmdline = [meson_render_jinja2, config_h]

userspace = declare_dependency(
        compile_args : userspace_c_args,
        link_args : userspace_c_ld_args,
        sources : version_h,
)

man_page_depends = []

#####################################################################

simple_tests = []
libsystemd_tests = []
simple_fuzzers = []
catalogs = []
modules = [] # nss, pam, and other plugins
executables = []
executables_by_name = {}
fuzzer_exes = []

# binaries that have --help and are intended for use by humans,
# usually, but not always, installed in /bin.
public_programs = []

# D-Bus introspection XML export
dbus_programs = []

# A list of boot stubs. Required for testing of ukify.
boot_stubs = []

build_dir_include = include_directories('.')

basic_includes = include_directories(
        'src/basic',
        'src/fundamental',
        'src/systemd',
        '.')

libsystemd_includes = [basic_includes, include_directories(
        'src/libsystemd/sd-bus',
        'src/libsystemd/sd-device',
        'src/libsystemd/sd-event',
        'src/libsystemd/sd-hwdb',
        'src/libsystemd/sd-id128',
        'src/libsystemd/sd-journal',
        'src/libsystemd/sd-json',
        'src/libsystemd/sd-netlink',
        'src/libsystemd/sd-network',
        'src/libsystemd/sd-path',
        'src/libsystemd/sd-resolve',
        'src/libsystemd/sd-varlink')]

includes = [libsystemd_includes, include_directories('src/shared')]

subdir('po')
subdir('catalog')
subdir('src/fundamental')
subdir('src/basic')
subdir('src/libsystemd')
subdir('src/shared')
subdir('src/libudev')

libsystemd = shared_library(
        'systemd',
        version : libsystemd_version,
        include_directories : libsystemd_includes,
        link_args : ['-shared',
                     # Make sure our library is never deleted from memory, so that our open logging fds don't leak on dlopen/dlclose cycles.
                     '-z', 'nodelete',
                     '-Wl,--version-script=' + libsystemd_sym_path],
        link_with : [libbasic_static],
        link_whole : [libsystemd_static],
        dependencies : [librt,
                        threads,
                        userspace],
        link_depends : libsystemd_sym,
        install : true,
        install_tag: 'libsystemd',
        install_dir : libdir)

install_libsystemd_static = static_library(
        'systemd',
        libsystemd_sources,
        basic_sources,
        fundamental_sources,
        include_directories : libsystemd_includes,
        build_by_default : static_libsystemd != 'false',
        install : static_libsystemd != 'false',
        install_tag: 'libsystemd',
        install_dir : libdir,
        pic : static_libsystemd_pic,
        dependencies : [libblkid,
                        libcap,
                        libdl,
                        libgcrypt_cflags,
                        liblz4_cflags,
                        libm,
                        libmount,
                        libopenssl,
                        librt,
                        libxz_cflags,
                        libzstd_cflags,
                        threads,
                        userspace],
        c_args : libsystemd_c_args + (static_libsystemd_pic ? [] : ['-fno-PIC']))

if static_libsystemd != 'false'
        alias_target('libsystemd', libsystemd, install_libsystemd_static)
else
        alias_target('libsystemd', libsystemd)
endif

libudev = shared_library(
        'udev',
        version : libudev_version,
        include_directories : includes,
        link_args : ['-shared',
                     '-Wl,--version-script=' + libudev_sym_path],
        link_with : [libsystemd_static, libshared_static],
        link_whole : libudev_basic,
        dependencies : [threads,
                        userspace],
        link_depends : libudev_sym,
        install : true,
        install_tag: 'libudev',
        install_dir : libdir)

install_libudev_static = static_library(
        'udev',
        basic_sources,
        fundamental_sources,
        shared_sources,
        libsystemd_sources,
        libudev_sources,
        include_directories : includes,
        build_by_default : static_libudev != 'false',
        install : static_libudev != 'false',
        install_tag: 'libudev',
        install_dir : libdir,
        link_depends : libudev_sym,
        dependencies : [libmount,
                        libshared_deps,
                        userspace],
        c_args : static_libudev_pic ? [] : ['-fno-PIC'],
        pic : static_libudev_pic)

if static_libudev != 'false'
        alias_target('libudev', libudev, install_libudev_static)
else
        alias_target('libudev', libudev)
endif

#####################################################################

runtest_env = custom_target(
        'systemd-runtest.env',
        output : 'systemd-runtest.env',
        command : [sh, '-c',
                   '{ echo SYSTEMD_TEST_DATA=@0@; echo SYSTEMD_CATALOG_DIR=@1@; } >@OUTPUT@'.format(
                           project_source_root / 'test',
                           project_build_root / 'catalog')],
        depends : catalogs,
        build_by_default : true)

test_cflags = ['-DTEST_CODE=1']
# We intentionally do not do inline initializations with definitions for a
# bunch of _cleanup_ variables in tests, to ensure valgrind is triggered if we
# use the variable unexpectedly. This triggers a lot of maybe-uninitialized
# false positives when the combination of -O2 and -flto is used. Suppress them.
if '-O2' in c_args and '-flto=auto' in c_args
        test_cflags += cc.first_supported_argument('-Wno-maybe-uninitialized')
endif

#####################################################################

executable_template = {
        'include_directories' : includes,
        'link_with' : libshared,
        'install_rpath' : pkglibdir,
        'install' : true,
}

generator_template = executable_template + {
        'install_dir' : systemgeneratordir,
}

libexec_template = executable_template + {
        'install_dir' : libexecdir,
}

executable_additional_kwargs = {
        'dependencies' : userspace,
}

test_template = executable_template + {
        'build_by_default' : want_tests != 'false',
        'install' : install_tests,
        'install_dir' : unittestsdir,
}

test_additional_kwargs = {
        'c_args' : test_cflags,
        'link_depends' : runtest_env,
}

fuzz_template = executable_template + {
        'build_by_default' : fuzzer_build,
        'install' : false,
}

if want_ossfuzz or (want_libfuzzer and fuzzing_engine.found())
        fuzz_additional_kwargs = {
                'dependencies' : fuzzing_engine,
        }
elif want_libfuzzer and not fuzzing_engine.found()
        fuzz_additional_kwargs = {
                'link_args' : ['-fsanitize=fuzzer'],
        }
else
        fuzz_additional_kwargs = {
                'sources' : files('src/fuzz/fuzz-main.c'),
        }
endif
fuzz_additional_kwargs += {
        'include_directories' : include_directories('src/fuzz'),
        'c_args' : test_cflags,
}

nss_template = {
        'version' : '2',
        'include_directories' : includes,
        # Note that we link NSS modules with '-z nodelete' so that mempools never get orphaned
        'link_args' : ['-z', 'nodelete'],
        'link_with' : [
                libsystemd_static,
                libshared_static,
                libbasic_static,
        ],
        'dependencies' : [
                librt,
                threads,
        ],
        'install' : true,
        'install_tag' : 'nss',
        'install_dir' : libdir,
}

pam_template = {
        'name_prefix' : '',
        'include_directories' : includes,
        'link_with' : [
                libsystemd_static,
                libshared_static,
        ],
        'dependencies' : [
                libpam_misc,
                libpam,
                threads,
        ],
        'install' : true,
        'install_tag' : 'pam',
        'install_dir' : pamlibdir,
}

module_additional_kwargs = {
        'link_args' : ['-shared'],
        'dependencies' : userspace,
}

#####################################################################

# systemd-analyze requires 'libcore'
subdir('src/core')
# systemd-networkd requires 'libsystemd_network'
subdir('src/libsystemd-network')
# hwdb requires 'udev_link_with' and 'udev_rpath'
subdir('src/udev')

subdir('src/ac-power')
subdir('src/analyze')
subdir('src/ask-password')
subdir('src/backlight')
subdir('src/battery-check')
subdir('src/binfmt')
subdir('src/boot')
subdir('src/boot/efi')
subdir('src/busctl')
subdir('src/cgls')
subdir('src/cgroups-agent')
subdir('src/cgtop')
subdir('src/coredump')
subdir('src/creds')
subdir('src/cryptenroll')
subdir('src/cryptsetup')
subdir('src/debug-generator')
subdir('src/delta')
subdir('src/detect-virt')
subdir('src/dissect')
subdir('src/environment-d-generator')
subdir('src/escape')
subdir('src/firstboot')
subdir('src/fsck')
subdir('src/fstab-generator')
subdir('src/getty-generator')
subdir('src/gpt-auto-generator')
subdir('src/hibernate-resume')
subdir('src/home')
subdir('src/hostname')
subdir('src/hwdb')
subdir('src/id128')
subdir('src/import')
subdir('src/initctl')
subdir('src/integritysetup')
subdir('src/journal')
subdir('src/journal-remote')
subdir('src/kernel-install')
subdir('src/locale')
subdir('src/login')
subdir('src/machine')
subdir('src/machine-id-setup')
subdir('src/mountfsd')
subdir('src/modules-load')
subdir('src/mount')
subdir('src/network')
subdir('src/notify')
subdir('src/nspawn')
subdir('src/nsresourced')
subdir('src/nss-myhostname')
subdir('src/nss-mymachines')
subdir('src/nss-resolve')
subdir('src/nss-systemd')
subdir('src/oom')
subdir('src/partition')
subdir('src/path')
subdir('src/pcrextend')
subdir('src/pcrlock')
subdir('src/portable')
subdir('src/pstore')
subdir('src/quotacheck')
subdir('src/random-seed')
subdir('src/rc-local-generator')
subdir('src/remount-fs')
subdir('src/reply-password')
subdir('src/resolve')
subdir('src/rfkill')
subdir('src/rpm')
subdir('src/run')
subdir('src/run-generator')
subdir('src/shutdown')
subdir('src/sleep')
subdir('src/socket-activate')
subdir('src/socket-proxy')
subdir('src/ssh-generator')
subdir('src/stdio-bridge')
subdir('src/sulogin-shell')
subdir('src/sysctl')
subdir('src/sysext')
subdir('src/system-update-generator')
subdir('src/systemctl')
subdir('src/sysupdate')
subdir('src/sysusers')
subdir('src/sysv-generator')
subdir('src/storagetm')
subdir('src/timedate')
subdir('src/timesync')
subdir('src/tmpfiles')
subdir('src/tpm2-setup')
subdir('src/tty-ask-password-agent')
subdir('src/update-done')
subdir('src/update-utmp')
subdir('src/user-sessions')
subdir('src/userdb')
subdir('src/varlinkctl')
subdir('src/vconsole')
subdir('src/veritysetup')
subdir('src/vmspawn')
subdir('src/volatile-root')
subdir('src/vpick')
subdir('src/xdg-autostart-generator')

subdir('src/systemd')

subdir('src/test')
subdir('src/fuzz')
subdir('src/ukify/test')  # needs to be last for test_env variable
subdir('test/fuzz')

subdir('mime')

alias_target('devel', libsystemd_pc, libudev_pc, systemd_pc, udev_pc)

#####################################################################

foreach test : simple_tests
        executables += test_template + { 'sources' : [test] }
endforeach

foreach test : libsystemd_tests
        executables += test_template + test
endforeach

foreach fuzzer : simple_fuzzers
        executables += fuzz_template + { 'sources' : [fuzzer] }
endforeach

foreach dict : executables
        name = dict.get('name', '')
        if name == ''
                name = fs.stem(dict.get('sources')[0])
                assert(name.split('-')[0] in ['test', 'fuzz'])
        endif

        is_test = name.startswith('test-')
        is_fuzz = name.startswith('fuzz-')

        build = true
        foreach cond : dict.get('conditions', [])
                if conf.get(cond) != 1
                        build = false
                        break
                endif
        endforeach
        if not build
                continue
        endif

        kwargs = {}
        foreach key, val : dict
                if key in ['name', 'dbus', 'public', 'conditions',
                           'type', 'suite', 'timeout', 'parallel']
                        continue
                endif

                kwargs += { key : val }
        endforeach

        foreach key, val : executable_additional_kwargs
                kwargs += { key : [ kwargs.get(key, []), val ]}
        endforeach

        if is_test
                kwargs += { 'install_dir' : kwargs.get('install_dir') / dict.get('type', '') }
                foreach key, val : test_additional_kwargs
                        kwargs += { key : [ kwargs.get(key, []), val ] }
                endforeach
        endif

        if is_fuzz
                foreach key, val : fuzz_additional_kwargs
                        kwargs += { key : [ kwargs.get(key, []), val ] }
                endforeach
        endif

        exe = executable(
                name,
                kwargs : kwargs,
        )

        executables_by_name += { name : exe }

        if dict.get('build_by_default', true)
                if dict.get('dbus', false)
                        dbus_programs += exe
                endif
                if dict.get('public', false)
                        public_programs += exe
                endif
        endif

        if is_test
                type = dict.get('type', '')
                suite = dict.get('suite', '')
                if suite == ''
                        suite = fs.name(fs.parent(dict.get('sources')[0]))
                        if suite.startswith('sd-')
                                suite = 'libsystemd'
                        endif
                endif

                if type == 'manual'
                        message('@0@/@1@ is a manual test'.format(suite, name))
                elif type == 'unsafe' and want_tests != 'unsafe'
                        message('@0@/@1@ is an unsafe test'.format(suite, name))
                elif dict.get('build_by_default')
                        test(name, exe,
                             env : test_env,
                             timeout : dict.get('timeout', 30),
                             suite : suite,
                             is_parallel : dict.get('parallel', true))
                endif
        endif

        if is_fuzz
                fuzzer_exes += exe

                if want_tests != 'false'
                        # Run the fuzz regression tests without any sanitizers enabled.
                        # Additional invocations with sanitizers may get added below.
                        fuzz_ins = fuzz_regression_tests.get(name, {})
                        foreach directive : fuzz_ins.get('directives', [])
                                tt = '@0@_@1@'.format(name, fs.name(directive.full_path()))
                                if tt.substring(45) != ''
                                        error('Directive sample name is too long:', directive.full_path())
                                endif

                                test(tt,
                                     exe,
                                     suite : 'fuzz',
                                     args : directive.full_path(),
                                     depends : directive)
                        endforeach
                        foreach file : fuzz_ins.get('files', [])
                                tt = '@0@_@1@'.format(name, fs.name(file))
                                if tt.substring(45) != ''
                                        error('Fuzz sample name is too long:', fs.name(file))
                                endif

                                test(tt,
                                     exe,
                                     suite : 'fuzz',
                                     args : file)
                        endforeach
                endif
        endif
endforeach

alias_target('fuzzers', fuzzer_exes)

#####################################################################

test_dlopen = executables_by_name.get('test-dlopen')

nss_targets = []
pam_targets = []
foreach dict : modules
        name = dict.get('name')
        is_nss = name.startswith('nss_')
        is_pam = name.startswith('pam_')

        build = true
        foreach cond : dict.get('conditions', [])
                if conf.get(cond) != 1
                        build = false
                        break
                endif
        endforeach
        if not build
                continue
        endif

        kwargs = {}
        foreach key, val : dict
                if key in ['name', 'conditions', 'version-script']
                        continue
                endif
                kwargs += { key : val }
        endforeach

        kwargs += {
                'link_args' : [
                        kwargs.get('link_args', []),
                        '-Wl,--version-script=' + dict.get('version-script'),
                ],
                'link_depends' : [
                        kwargs.get('link_depends', []),
                        dict.get('version-script'),
                ],
        }
        foreach key, val : module_additional_kwargs
                kwargs += { key : [ kwargs.get(key, []), val ]}
        endforeach

        lib = shared_library(
                name,
                kwargs : kwargs,
        )

        if is_nss
                # We cannot use shared_module because it does not support version suffix.
                # Unfortunately shared_library insists on creating the symlink…
                meson.add_install_script(sh, '-c', 'rm $DESTDIR@0@/lib@1@.so'.format(libdir, name),
                                         install_tag : 'nss')
                nss_targets += lib
        endif

        if is_pam
                pam_targets += lib
        endif

        if want_tests != 'false' and (is_nss or is_pam)
                test('dlopen-' + name,
                     test_dlopen,
                     # path to dlopen must include a slash
                     args : lib.full_path(),
                     depends : lib,
                     suite : is_nss ? 'nss' : 'pam')
        endif
endforeach

# We need the actual targets to build aliases
if nss_targets.length() > 0
        alias_target('nss', nss_targets)
endif
if pam_targets.length() > 0
        alias_target('pam', pam_targets)
endif

#####################################################################

ukify = custom_target(
        'ukify',
        input : 'src/ukify/ukify.py',
        output : 'ukify',
        command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
        install : want_ukify,
        install_mode : 'rwxr-xr-x',
        install_dir : bindir)
if want_ukify
        public_programs += ukify

        # symlink for backwards compatibility after rename
        meson.add_install_script(sh, '-c',
                                 ln_s.format(bindir / 'ukify',
                                             libexecdir / 'ukify'))
endif

#####################################################################

mkosi = find_program('mkosi', required : false)
if want_integration_tests and not mkosi.found()
        error('Could not find mkosi which is required to run the integration tests')
endif

mkosi_depends = public_programs

foreach executable : ['systemd-journal-remote', 'systemd-measure']
        if executable in executables_by_name
                mkosi_depends += [executables_by_name[executable]]
        endif
endforeach

if mkosi.found()
        custom_target('mkosi',
                build_always_stale : true,
                build_by_default: false,
                console : true,
                output : '.',
                command : [
                        mkosi,
                        '--directory', meson.current_source_dir(),
                        '--output-dir', meson.current_build_dir() / 'mkosi.output',
                        '--cache-dir', meson.current_build_dir() / 'mkosi.cache',
                        '--build-dir', meson.current_build_dir() / 'mkosi.builddir',
                        '--extra-search-path', meson.current_build_dir(),
                        '--force',
                        'build',
                ],
                depends : mkosi_depends,
        )
endif

############################################################

subdir('rules.d')
subdir('test')

#####################################################################

subdir('docs/sysvinit')
subdir('docs/var-log')
subdir('hwdb.d')
subdir('man')
subdir('modprobe.d')
subdir('network')
subdir('presets')
subdir('profile.d')
subdir('shell-completion/bash')
subdir('shell-completion/zsh')
subdir('sysctl.d')
subdir('sysusers.d')
subdir('tmpfiles.d')
subdir('units')

install_subdir('factory/etc',
               install_dir : factorydir)
subdir('factory/templates')

if install_sysconfdir
        install_data('xorg/50-systemd-user.sh',
                     install_dir : xinitrcdir)
endif
install_data('LICENSE.GPL2',
             'LICENSE.LGPL2.1',
             'NEWS',
             'README',
             'docs/CODING_STYLE.md',
             'docs/DISTRO_PORTING.md',
             'docs/ENVIRONMENT.md',
             'docs/HACKING.md',
             'docs/TRANSIENT-SETTINGS.md',
             'docs/TRANSLATORS.md',
             'docs/UIDS-GIDS.md',
             install_dir : docdir)

install_subdir('LICENSES',
               install_dir : docdir)

install_emptydir(systemdstatedir)

#####################################################################

# Ensure that changes to the docs/ directory do not break the
# basic Github pages build. But only run it in developer mode,
# as it might be fragile due to changes in the tooling, and it is
# not generally useful for users.
jekyll = find_program('jekyll', required : false)
if get_option('mode') == 'developer' and want_tests != 'false' and jekyll.found()
        test('github-pages',
             jekyll,
             suite : 'dist',
             args : ['build',
                     '--source', project_source_root / 'docs',
                     '--destination', project_build_root / '_site'])
endif

#####################################################################

check_help = find_program('tools/check-help.sh')
check_version = find_program('tools/check-version.sh')

foreach exec : public_programs
        name = fs.name(exec.full_path())
        if want_tests != 'false'
                test('check-help-' + name,
                     check_help,
                     suite : 'dist',
                     args : exec.full_path(),
                     depends: exec)

                test('check-version-' + name,
                     check_version,
                     suite : 'dist',
                     args : [exec.full_path(),
                             project_major_version],
                     depends: exec)
        endif
endforeach

# Enable tests for all supported sanitizers
foreach tuple : fuzz_sanitizers
        sanitizer = tuple[0]
        build = tuple[1]

        if cc.has_link_argument('-fsanitize=@0@'.format(sanitizer))
                foreach fuzzer, fuzz_ins : fuzz_regression_tests
                        name = '@0@:@1@'.format(fuzzer, sanitizer)
                        if want_tests == 'false'
                                message('Not compiling @0@ because tests is set to false'.format(name))
                                continue
                        endif
                        if not want_fuzz_tests
                                message('Not compiling @0@ because fuzz-tests is set to false'.format(name))
                                continue
                        endif
                        exe = custom_target(
                                name,
                                output : name,
                                depends : build,
                                command : [ln, '-fs',
                                           build.full_path() / fuzzer,
                                           '@OUTPUT@'],
                                build_by_default : true)

                        foreach directive : fuzz_ins.get('directives', [])
                                test('@0@_@1@_@2@'.format(fuzzer, fs.name(directive.full_path()), sanitizer),
                                     env,
                                     suite : 'fuzz+san',
                                     env : ['UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1'],
                                     timeout : 60,
                                     args : [exe.full_path(), directive.full_path()],
                                     depends : directive)
                        endforeach
                        foreach file : fuzz_ins.get('files', [])
                                test('@0@_@1@_@2@'.format(fuzzer, fs.name(file), sanitizer),
                                     env,
                                     suite : 'fuzz+san',
                                     env : ['UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1'],
                                     timeout : 60,
                                     args : [exe.full_path(), file])
                        endforeach
                endforeach
        endif
endforeach

#####################################################################

if git.found()
        all_files = run_command(
                env, '-u', 'GIT_WORK_TREE',
                git, '--git-dir=@0@/.git'.format(project_source_root),
                     'ls-files', ':/*.[ch]', ':/*.cc',
                check : false)
        if all_files.returncode() == 0
                all_files = files(all_files.stdout().split())

                custom_target(
                        'tags',
                        output : 'tags',
                        command : [env, 'etags', '-o', '@0@/TAGS'.format(project_source_root)] + all_files)
                run_target(
                        'ctags',
                        command : [env, 'ctags', '--tag-relative=never', '-o', '@0@/tags'.format(project_source_root)] + all_files)

                ############################################

                if want_tests != 'false' and conf.get('BUILD_MODE_DEVELOPER') == 1
                        test('check-includes',
                             files('tools/check-includes.py'),
                             args: all_files,
                             env : ['PROJECT_SOURCE_ROOT=@0@'.format(project_source_root)],
                             suite : 'headers')
                endif
        endif

        ####################################################

        git_contrib_sh = find_program('tools/git-contrib.sh')
        run_target(
                'git-contrib',
                command : [git_contrib_sh])

        ####################################################

        git_head = run_command(
                git, '--git-dir=@0@/.git'.format(project_source_root),
                     'rev-parse', 'HEAD',
                check : false).stdout().strip()
        git_head_short = run_command(
                git, '--git-dir=@0@/.git'.format(project_source_root),
                     'rev-parse', '--short=7', 'HEAD',
                check : false).stdout().strip()

        run_target(
                'git-snapshot',
                command : [git, 'archive',
                           '-o', '@0@/systemd-@1@.tar.gz'.format(project_source_root,
                                                                 git_head_short),
                           '--prefix', 'systemd-@0@/'.format(git_head),
                           'HEAD'])
endif

#####################################################################

check_api_docs_sh = find_program('tools/check-api-docs.sh')
run_target(
        'check-api-docs',
        depends : [man, libsystemd, libudev],
        command : [check_api_docs_sh, libsystemd.full_path(), libudev.full_path()])

alias_target('update-dbus-docs', update_dbus_docs)
alias_target('update-man-rules', update_man_rules)

if not meson.is_cross_build()
        custom_target(
                'export-dbus-interfaces',
                output : fs.name(dbus_interfaces_dir),
                install : dbus_interfaces_dir != 'no',
                install_dir : fs.parent(dbus_interfaces_dir),
                command : [export_dbus_interfaces_py, '@OUTPUT@', dbus_programs])
endif

meson_extract_unit_files = find_program('tools/meson-extract-unit-files.py')
custom_target('installed-unit-files.txt',
              output : 'installed-unit-files.txt',
              capture : true,
              install : want_tests != 'no' and install_tests,
              install_dir : testdata_dir,
              command : [meson_extract_unit_files, project_build_root])

#####################################################################

alt_time_epoch = run_command('date', '-Is', '-u', '-d', '@@0@'.format(time_epoch),
                             check : true).stdout().strip()

summary({
        'split bin-sbin' :                  split_bin,
        'prefix directory' :                prefixdir,
        'sysconf directory' :               sysconfdir,
        'include directory' :               includedir,
        'lib directory' :                   libdir,
        'SysV init scripts' :               sysvinit_path,
        'SysV rc?.d directories' :          sysvrcnd_path,
        'PAM modules directory' :           pamlibdir,
        'PAM configuration directory' :     pamconfdir,
        'ssh server configuration directory' : sshdconfdir,
        'ssh server privilege separation directory' : sshdprivsepdir,
        'ssh client configuration directory' : sshconfdir,
        'libcryptsetup plugins directory' : libcryptsetup_plugins_dir,
        'Shell profile directory' :         shellprofiledir,
        'RPM macros directory' :            rpmmacrosdir,
        'modprobe.d directory' :            modprobedir,
        'D-Bus policy directory' :          dbuspolicydir,
        'D-Bus session directory' :         dbussessionservicedir,
        'D-Bus system directory' :          dbussystemservicedir,
        'D-Bus interfaces directory' :      dbus_interfaces_dir,
        'bash completions directory' :      bashcompletiondir,
        'zsh completions directory' :       zshcompletiondir,
        'private shared lib version tag' :  shared_lib_tag,
        'extra start script' :              get_option('rc-local'),
        'debug shell' :                     '@0@ @ @1@'.format(get_option('debug-shell'),
                                                               get_option('debug-tty')),
        'system UIDs' :                     '<=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_UID_MAX'),
                                                                         conf.get('SYSTEM_ALLOC_UID_MIN')),
        'system GIDs' :                     '<=@0@ (alloc >=@1@)'.format(conf.get('SYSTEM_GID_MAX'),
                                                                         conf.get('SYSTEM_ALLOC_GID_MIN')),
        'dynamic UIDs' :                    '@0@…@1@'.format(dynamic_uid_min, dynamic_uid_max),
        'container UID bases' :             '@0@…@1@'.format(container_uid_base_min, container_uid_base_max),
        'static UID/GID allocations' :      ' '.join(static_ugids),
        '/dev/kvm access mode' :            get_option('dev-kvm-mode'),
        'render group access mode' :        get_option('group-render-mode'),
        'certificate root directory' :      get_option('certificate-root'),
        'support URL' :                     support_url,
        'nobody user name' :                nobody_user,
        'nobody group name' :               nobody_group,
        'fallback hostname' :               get_option('fallback-hostname'),
        'default compression method' :      compression,
        'default DNSSEC mode' :             default_dnssec,
        'default DNS-over-TLS mode' :       default_dns_over_tls,
        'default mDNS mode' :               default_mdns,
        'default LLMNR mode' :              default_llmnr,
        'default DNS servers' :             dns_servers.split(' '),
        'default NTP servers' :             ntp_servers.split(' '),
        'default net.naming_scheme= value': default_net_naming_scheme,
        'default KillUserProcesses= value': kill_user_processes,
        'default locale' :                  default_locale,
        'default nspawn locale' :           nspawn_locale,
        'default status unit format' :      status_unit_format_default,
        'default user $PATH' :
                default_user_path != '' ? default_user_path : '(same as system services)',
        'systemd service watchdog' :        service_watchdog == '' ? 'disabled' : service_watchdog,
        'time epoch' :                      '@0@ (@1@)'.format(time_epoch, alt_time_epoch)})

# TODO:
# CFLAGS:   ${OUR_CFLAGS} ${CFLAGS}
# CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS}
# LDFLAGS:  ${OUR_LDFLAGS} ${LDFLAGS}

found = []
missing = []

foreach tuple : [
        # dependencies
        ['ACL'],
        ['AUDIT'],
        ['AppArmor'],
        ['IMA'],
        ['PAM'],
        ['SECCOMP'],
        ['SELinux'],
        ['SMACK'],
        ['blkid'],
        ['elfutils'],
        ['gcrypt'],
        ['gnutls'],
        ['libbpf'],
        ['libcryptsetup'],
        ['libcryptsetup-plugins'],
        ['libcurl'],
        ['libfdisk'],
        ['libfido2'],
        ['libidn'],
        ['libidn2'],
        ['libiptc'],
        ['microhttpd'],
        ['openssl'],
        ['p11kit'],
        ['passwdqc'],
        ['pcre2'],
        ['pwquality'],
        ['qrencode'],
        ['tpm2'],
        ['xkbcommon'],

        # compression libs
        ['zstd'],
        ['lz4'],
        ['xz'],
        ['zlib'],
        ['bzip2'],

        # components
        ['backlight'],
        ['binfmt'],
        ['bootloader'],
        ['bpf-framework',          conf.get('BPF_FRAMEWORK') == 1],
        ['coredump'],
        ['efi'],
        ['environment.d'],
        ['firstboot'],
        ['hibernate'],
        ['homed'],
        ['hostnamed'],
        ['hwdb'],
        ['importd'],
        ['initrd'],
        ['kernel-install'],
        ['localed'],
        ['logind'],
        ['machined'],
        ['networkd'],
        ['nss-myhostname'],
        ['nss-mymachines'],
        ['nss-resolve'],
        ['nss-systemd'],
        ['oomd'],
        ['portabled'],
        ['pstore'],
        ['quotacheck'],
        ['randomseed'],
        ['repart'],
        ['resolve'],
        ['rfkill'],
        ['sysext'],
        ['systemd-analyze',        conf.get('ENABLE_ANALYZE') == 1],
        ['sysupdate'],
        ['sysusers'],
        ['storagetm'],
        ['timedated'],
        ['timesyncd'],
        ['tmpfiles'],
        ['userdb'],
        ['vconsole'],
        ['vmspawn'],
        ['xdg-autostart'],

        # optional features
        ['dmi'],
        ['idn'],
        ['polkit'],
        ['legacy-pkla',            install_polkit_pkla],
        ['kmod'],
        ['xenctrl'],
        ['dbus'],
        ['glib'],
        ['tpm'],
        ['man pages',              want_man],
        ['html pages',             want_html],
        ['man page indices',       want_man and have_lxml],
        ['SysV compat'],
        ['compat-mutable-uid-boundaries'],
        ['utmp'],
        ['ldconfig'],
        ['adm group',              get_option('adm-group')],
        ['wheel group',            get_option('wheel-group')],
        ['gshadow'],
        ['debug hashmap'],
        ['debug mmap cache'],
        ['debug siphash'],
        ['trace logging',          conf.get('LOG_TRACE') == 1],
        ['slow tests',             want_slow_tests],
        ['fuzz tests',             want_fuzz_tests],
        ['install tests',          install_tests],
        ['link-udev-shared',       get_option('link-udev-shared')],
        ['link-systemctl-shared',  get_option('link-systemctl-shared')],
        ['link-networkd-shared',   get_option('link-networkd-shared')],
        ['link-timesyncd-shared',  get_option('link-timesyncd-shared')],
        ['link-journalctl-shared', get_option('link-journalctl-shared')],
        ['link-boot-shared',       get_option('link-boot-shared')],
        ['link-portabled-shared',  get_option('link-portabled-shared')],
        ['first-boot-full-preset'],
        ['fexecve'],
        ['standalone-binaries',    get_option('standalone-binaries')],
        ['coverage',               get_option('b_coverage')],
]

        if tuple.length() >= 2
                cond = tuple[1]
        else
                ident1 = 'HAVE_' + tuple[0].underscorify().to_upper()
                ident2 = 'ENABLE_' + tuple[0].underscorify().to_upper()
                cond = conf.get(ident1, 0) == 1 or conf.get(ident2, 0) == 1
        endif
        if cond
                found += tuple[0]
        else
                missing += tuple[0]
        endif
endforeach

if static_libsystemd == 'false'
        missing += 'static-libsystemd'
else
        found += 'static-libsystemd(@0@)'.format(static_libsystemd)
endif

if static_libudev == 'false'
        missing += 'static-libudev'
else
        found += 'static-libudev(@0@)'.format(static_libudev)
endif

if conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1 and conf.get('PREFER_OPENSSL') == 1
        found += 'cryptolib(openssl)'
elif conf.get('HAVE_OPENSSL_OR_GCRYPT') == 1
        found += 'cryptolib(gcrypt)'
else
        missing += 'cryptolib'
endif

if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
        found += 'DNS-over-TLS(gnutls)'
elif conf.get('DNS_OVER_TLS_USE_OPENSSL') == 1
        found += 'DNS-over-TLS(openssl)'
else
        missing += 'DNS-over-TLS'
endif

summary({
        'enabled' :  ', '.join(found),
        'disabled' : ', '.join(missing)},
        section : 'Features')
